Mobile Device Security

The proliferation of mobile computing devices presents a significant opportunity and risk.  Mobile devices may contain sensitive or confidential information.  The security of mobile devices is often voluntary or unmanaged in most organizatoins and therefore, a vulnerability. The best security for mobile storage such as a laptop drive or USB drive is not using mobile storage.  Many organizations have secure, shared storage.  However if it is necessary,  many encryption security tools are available for securing data on mobile devices.  The following are a few examples.

  • BitLocker: BitLocker is a Microsoft encryption tool available in Windows 7 Enterprise Edition. BitLocker can encrypt laptops, desktops and USB jump drive devices. BitLocker integrates with Active Directory allowing for basic reporting and auditing. However, if the password is lost, data will be unrecoverable. BitLocker supports Windows 7 and Vista, with read only capacity in XP. 
  • TrueCrypt: A free, open-source multi-platform encryption software tool. It runs on multiple platforms. It has no central network based administrative controls. Therefore, if the password is lost, data will be unrecoverable. TrueCrypt supports multiple platforms including laptops and desktops running Windows 7/Vista/XP, Linux and Macintosh operating systems. It can encrypt USB devices and external drives. Also, TrueCrypt does not provide basic reporting and auditing and therefore may not meet certain regulatory requirements.
  • IronKey:  A USB storage device that has hardware based encryption. Although IronKey has no central reporting, it does have a mechanism to recover passwords using the IronKey secure website.

The most prevalent mobile device threat is email account access.  Mobile device access typically allows access to email accounts.  Many applications will reset a password via an email account.  Therefore email account access can compromise application security.  This is another reason why mobile device security is important.  Use a password to secure your mobile device (iPhone, iPad, Android, etc.).

Organiztions need to consider Mobile Device Management (MDM) as a security measure.  In the meantime, users should become familiar with remote wipe and remote lock features such as Apple offers through iCloud.