Analysis: Five security tips for smartphones in the enterprise

Amongst all the fanfare from the release of the 3G iPhone, business users were particularly interested in the fact that it was much better positioned to be used for enterprise, thanks to new business tools and capabilities such as the push email.

This has focused more attention on the incorporation of smartphones into business networks, which in the future looks to be a necessity thanks to modern day workers needing to perform many tasks on the move.

RIM's Blackberry has been the business smartphone of choice for a while, with its ability to perform corporate tasks and its functionality.

However, a new generation of smartphones such as the iPhone but also devices like the Nokia N71 and the new series of Blackberrys are capable of doing much more. These phones have features such as the ability to access the net using 3G, watching videos and downloading third party applications which have its own inherent risks.

It is also clear that smartphones will carry more important and confidential corporate information than ever before such as internal communications, customer contacts, financial information as well as intranet systems and networks.

In the wrong hands it could cause huge damage to business, and IT departments around the world are going to have to deal with new problems and a bigger strain on networks.

In response, IBM Internet Security Systems released a five point plan which IT administrators need to keep in mind when attempting to incorporate the technology into their enterprises.

1 - Enforce strong password policies

If the smartphone was lost or stolen, strong passwords could mean the difference between the loss of a phone and the loss of sensitive data which could cost business financially and destroy reputations. It was advised that business smartphones needed to be configured to lock screens after a period of inactivity, and passwords be complicated and changed on regular basis.

2 - Protect smartphone VPN access

Attackers are capable of exploiting vulnerabilities in smartphones and infecting them with malware, which in turn can transfer through VPN connections through to intranet resources. IBM said that smartphone servers and VPN egress points should be placed on a network which is firewalled from the rest of the internet. Connections coming from the phones should be monitored with intrusion protection systems and access from smartphone VPNs restricted to servers that are really needed by users.

3 - Establish procedures for employees to follow

It is possible for sensitive data to be wiped from smartphones remotely from the enterprise server if they are lost or stolen. It was recommended that a contact point for employees who had lost their phone so data could be wiped and a replacement be sent.

4 - Control the installation of third-party applications

Smartphone users will be tempted in downloading productivity applications or other files which carry malware or a back door. Businesses needed to consider restrictions on these types of third party applications, especially if they are not digitally signed.

5 - Evaluate smartphone anti-virus solutions

Although there are few malware threats on smartphones at the moment, there are anti-virus solutions on offer. As the popularity of smartphones increase, so will the malware that targets them. Businesses needed to monitor constantly in determining which mobile phones needed to be included in host based security deployments.