Enterprises need to define their minimum and recommended levels of security controls to support minimal and standard levels of access. A minimum baseline gives the enterprise a strong position from which every smartphone can be assessed for its suitability for use in the company. Do you recognize the essential relationship between device configuration and device security? It’s not possible to keep a device secure if there is no management framework to set and audit compliance parameters.
Consider the following suggestions when developing or reviewing smartphone security. A typical list may include:
- Synchronization controls: Allows or disallows synchronization over the air (OTA) or via a local workstation.
- Roaming controls: Prevents or allows the use of roaming voice and data networks to control expenses.
- Usage limitations of local and peripheral networks (such as Wi-Fi, Bluetooth, IrDA and USB): Limits usage of and exposure through direct device connections.
- Limit accepted devices by hardware certification: Requires a means of identifying the device to control access to company e-mail and company Wi-Fi access points.
- Enhanced password controls: Requires the use of a local power-on password with minimum length and complexity requirements.
- Lock device after password retry limit: Foils brute-force login attacks.
- Lock device after inactivity timeout: Reduces possibility of device context exposure.
- Data encryption: Requires encryption in core memory and, ideally, on removable media.
- Remote lock and/or wipe: Remotely disables and/or eliminates access for a device that has been lost, stolen or otherwise compromised.
A more comprehensive set of controls may include:
- Require user to periodically reauthenticate, even if the phone is in continuous use.
- Limit use of the phone camera. Conditional usage may require central authorization, a password, or registration within or outside a designated wireless network.
- Change phone behavior, including remote lock and wipe thresholds, if the SIM card is removed or the phone’s network connections are shut down.
- Allow or deny applications completely (blacklisting and whitelisting).
- Limit application access to the radio, system data and sensitive application programming interfaces (APIs). This status could be made modifiable through blacklisting and whitelisting.
- Add or change options for using applications on the phone while it is in a locked state.
- Introduce additional authentication methods.
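The idea of assessing every smartphone against a minimum and a recommended baseline can be expressed as an automated audit. The following Python sketch is an added example, not part of the original article: it checks device-reported settings against both baselines and maps the result to no, minimal or standard access. The setting names, thresholds and sample devices are assumptions made for illustration and do not come from any particular management product.

```python
# Added example. Setting names and thresholds are assumptions, not from a real MDM product.
MINIMUM = {                       # must pass for minimal access
    "password_min_length": ("min", 6),
    "password_retry_limit": ("max", 10),
    "inactivity_lock_minutes": ("max", 15),
    "core_memory_encrypted": ("eq", True),
    "remote_wipe_enabled": ("eq", True),
}
RECOMMENDED = {                   # must also pass for standard access
    "password_min_length": ("min", 8),
    "inactivity_lock_minutes": ("max", 5),
    "removable_media_encrypted": ("eq", True),
    "hardware_certified": ("eq", True),
}

def failures(device, baseline):
    """Names of settings that are missing or weaker than the baseline (fail closed)."""
    failed = []
    for name, (rule, limit) in baseline.items():
        value = device.get(name)
        if rule == "eq":
            ok = value is limit
        else:
            # Numeric rules: reject missing values and booleans. For "max" rules
            # 0 is assumed to mean "disabled" (no retry limit, never lock).
            numeric = isinstance(value, int) and not isinstance(value, bool)
            ok = numeric and (value >= limit if rule == "min" else 0 < value <= limit)
        if not ok:
            failed.append(name)
    return sorted(failed)

def access_level(device):
    """Map a device's reported settings to 'none', 'minimal' or 'standard' access."""
    below_minimum = failures(device, MINIMUM)
    if below_minimum:
        return "none", below_minimum
    below_recommended = failures(device, RECOMMENDED)
    return ("minimal", below_recommended) if below_recommended else ("standard", [])

# Constructed sample inventory records.
DEVICES = {
    "phone-a": {"password_min_length": 8, "password_retry_limit": 5, "inactivity_lock_minutes": 5,
                "core_memory_encrypted": True, "remote_wipe_enabled": True,
                "removable_media_encrypted": True, "hardware_certified": True},
    "phone-b": {"password_min_length": 6, "password_retry_limit": 10, "inactivity_lock_minutes": 10,
                "core_memory_encrypted": True, "remote_wipe_enabled": True, "hardware_certified": True},
    "phone-c": {"password_min_length": 8, "password_retry_limit": 0, "inactivity_lock_minutes": 5,
                "core_memory_encrypted": True},
}

if __name__ == "__main__":
    for name, settings in DEVICES.items():
        print(name, *access_level(settings))
```

A setting the device does not report counts as a failure, so an unmanaged or partially enrolled phone never receives access by default.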