Smartphones need smart security practices

1 2 Page 2
Page 2 of 2

"Let's say a person working with us has a laptop full of confidential information, and he gets terminated," Henze says. "With digital rights management, the device would check in with the authentication server to see if he's still a legitimate user, and if he isn't, he wouldn't be able to read those files anymore." This works better than remote wipe, he says, because if files are stored on a removable card, there is no way to delete them.

There have been concerns from some users about the Big Brother aspect of having IT monitor their phones. However, this concern is outweighed by the fact that IT can provide better service when it comes to new phone deployments, replacements and remote troubleshooting, Henze says. For instance, IT will be able to configure a new phone right after it's purchased, rather than taking three or four days. "They'll be up and running in no time, and when that happens, they'll appreciate it," Henze says.

In the end, there's no single means of maintaining security as more and more smart phones enter the enterprise, whether they're issued by the company or brought in by employees. But what's certain, says Winthrop, is that you can't just give employees free rein. It's not uncommon for IT to allow individuals to be responsible for their own devices, or even encourage the idea. But in the end, he says, it's the employer that's liable if data gets leaked.

"There's a fascinating issue here, in that employees don't think too long or hard about which laptop they're going to get," Winthrop says. "But they're absolutely going to ask 'Why did or didn't they give me a BlackBerry?' or 'Why can't I bring in my iPhone?' or 'I wonder if I can get a [Palm] Pre?' " But even if organizations want to cater to every user's desire, he says, they need to take into account the need to manage the devices and the information that passes through or is stored on them.

In fact, smartphones should be viewed not as phones, but as PCs that happen to make phone calls, Winthrop says.

According to Henze, that notion has turned the world inside out. "In the old days, there was the Internet, the intranet and the internal corporate network," and each was distinct from the other. But today, with miniature yet powerful mobile devices carrying data wherever a person can go, "the egg is scrambled," Henze says. "Data sits wherever, and it's much more difficult to get ahead of it."

Brandel is a Computerworld contributing writer. You can contact her at

This story, "Smartphones need smart security practices" was originally published by Computerworld.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2