June 20, 2011 (Atlanta, GA) – MDI Group hosts a series of IT Executive Forums for technology leaders among various industries to share thoughts and best practices regarding current business challenges. The Spring 2011 forum discussion topic was:
The Business Mobility Explosion:
Data Security, Personal Devices, Compliance and Manageability
Forum events were held on select dates during April and May of 2011 in each of the four markets served by MDI Group: Atlanta, Dallas, Greenville and Phoenix.
The following summarizes the discussion among attendees from all four forum events, which was moderated using four topic questions.
Does your organization have or plan on implementing policies on the storing of data or sensitive information on mobile devices?
While most leaders indicated that they are implementing data policy plans, many agreed that “wrapping their arms” around all the risks associated with mobile data use via the Internet was still a difficult challenge. Thus, even the best plans tend to be “very vague” in defining responsibilities for use of specific devices and means of data access. Some of the challenges for creating plans include defining IT support levels for specific devices and whether the company or its personnel “own” the liability of personal mobile device use.
Does your organization allow personal mobile devices to access the corporate network, and if so, what safeguards do you put in place to minimize data risks?
Most organizations are trending away from corporate issued mobile devices in favor of a stipend for personnel to own the devices that they use to access the corporate network. However, some devices (Blackberry, iPhone) tend to be favored over others (Droid) for granting network access due to expressed concerns of platform security. Mobile Device Management tools such as Airwatch, DropBox, Good and Mobile Iron were cited as good methods for supporting data encryption and risk mitigation. Most attendees agreed that the ability to “remote wipe” the mobile device data, or at least its access to corporate data, was another key security consideration. One representative organization gives employees a 20 section test to evaluate and educate users on mobile device security and policies.
What is your organization’s position on the use of Mobile Marketplaces and App stores by mobile devices that access your corporate network?
Most IT leaders do not allow access to mobile marketplaces and expressed varying degrees of frustration related to monitoring and policing these sites. One attendee thanked Steve Jobs for the “iTunification” of IT professionals who now have an added layer of complexity to user support. Many users tend to find ways to “work around” policies and procedures in order to access these outlets, placing added stress on network capacities. Social media site apps are also causes for added security issues.
What tools, techniques or approaches does your organization use to mitigate the risks associated with malware being introduced by a mobile application or device?
Tools such as Citrix and WebEx were frequently mentioned for providing users with virtual access to corporate data via personal devices. However, most malware concerns related to physically connecting personal devices to corporate access points (via USB ports, for example). Consequently, many leaders expressed concern for not having tighter controls on these access points. Some organizations have completely “locked down” all USB ports on corporate issued devices.
Other tips and best practices:
Subject matter experts who facilitated the forum discussed research that examined the number of mobile devices left in taxis from various cities worldwide. In Chicago alone, during the six month survey period, more than 85,000 mobile phones and 4,000 laptops were left behind as passengers exited the vehicles. These staggering numbers support the need for “Personalized Security”—the modern term for mobile security – and its best practices of (1) setting passwords for personal devices, (2) using password manager applications, (3) being able to remote wipe device data, (4) wiping data after multiple failed password attempts and (5) regularly backing up device data.
About MDI Group
MDI Group is a premier IT Workforce Solutions provider with more than 20 years expertise in finding ‘best-fit’ IT talent for mid-sized to Fortune 500 clients nationwide. Offering IT Staffing Solutions and Contingent Workforce Management, MDI Group has recorded profitable growth every year since it was established in 1988. Headquartered in Atlanta, Georgia, MDI Group has also been named one of Atlanta’s 40 best places to work. To learn more about MDI Group, please visit www.mdigroup.com.