Managing mobile security: How are we doing?

Abstract

The latest mobile phones, such as the iPhone and Google's Android-based Nexus One, are changing the way that we do business. Company-confidential information is being both accessed and stored on mobile phones. Some of these phones are owned and managed by the organisations concerned, but increasingly, employees are using their own devices that the IT department knows nothing about. Goode Intelligence provides a snapshot of how businesses are tackling the problems posed by mobile phones, and ascertains if they are ready and equipped to deal with these unique challenges. This comprehensive survey covers most aspects of mobile phone security including policy and standards awareness, mobile applications and security, staffing and management, access and authentication (including use of the mobile phone as an authentication device), virus and malware, spam, data loss prevention (including data encryption), voice encryption (in addition that provided by the network operators), anti-theft (including data wiping) and data backup. The latest generation of mobile phones, such as the iPhone and Google's Android platforms, are having a transformational effect on the way that we access, use and store information. There is no doubt of the business benefit that data-enabled, multi-network (mobile operator and WiFi enabled), always-on mobile devices give us but what are the implications for information security? Does access to company-confidential information on a mobile phone give us cause for alarm and by allowing employees to use their own phones for business are we opening up a compliance can of worms? Who owns the data? © 2010 Elsevier Ltd. All rights reserved.