MOBILITY
SMART POLICIES FOR SMARTPHONES
Boosting productivity involves striking a balance between flexibility and security.
SPONSORED CONTENT
YASIR AZIZ
SENIOR DIRECTOR, END USER SALES FOR SAMSUNG KNOX, SAMSUNG BUSINESS
THE USE OF mobile devices—
whether phones, tablets or wearables— is increasing across all sectors, giving employees unprecedented flexibility and productivity opportunities.
But these devices also create new security concerns. As a result, IT leaders face a difficult need to balance flexibility, productivity and security when designing policies for mobile technology solutions.
For government agencies, this dilemma is particularly acute. Government leaders need to implement technology policies that help agency staff do their jobs at home, on the road or in the office. They also have a unique obligation to secure the mobile platforms agency employees use to access sensitive government data.
As mobile device management evolves
to focus less on devices and more on applications, agency IT executives are increasingly asking themselves, “How do I give mobile users the ability to do their jobs without compromising security or creating potential data leaks?”
Government agencies have traditionally answered this question in three different ways. First, agency IT teams tested policies by tailoring them to specific users before applying them across the enterprise. For example, agencies typically have a general user population that only needs mobile access to email and calendars. But other users may need to use a range of applications. The breadth and depth of the policies designed for that group will vary significantly from those designed for the general population.
Second, many agencies have imitated the Department of Defense—specifically the Defense Information Services Agency (DISA)—guidelines for the specific settings and policies that allow mobile devices and associated platforms to connect to DOD networks. These are referred
to as Systems Agency Security Technical Implementation Guides, or STIGs.
And third, government agencies have enforced security policies—such as disabling Bluetooth—at the hardware layer as well as
the software layer. Whether users are on a mobile device or a desktop PC, these policies can greatly reduce the risk that employees will unintentionally leave sensitive data unsecure.
While these three approaches can address the security concerns, they are all imperfect solutions. Each approach can potentially interfere with how employees use their mobile devices outside work, hampering ongoing
use of the device. Agencies must not lose sight of the fact applications are what make people more productive. If employees feel they cannot use applications productively on their current devices, they will switch to a different—and often less secure—device.
For IT organizations, there is another option—one that balances conflicting produc- tivity and security needs. Containerization creates a firewall-protected app container within the mobile device to protect all sensi- tive work apps (email, calendar, contacts, and so on). Meanwhile, the user can still down- load and use other applications for personal use. For an extra layer of security, IT manag- ers can also whitelist personal applications.
By ensuring maximum data security and maximum user flexibility, containerization is the best approach to mobile device management in a choose-your-own-device or bring-your-own-device environment. It provides the dual-persona device configuration that ensures complete separation and protection of data—giving government employees the productivity they want and providing IT decision-makers in a highly regulated public sector the security they need.
Yasir Aziz is Senior Director of End User Sales for Samsung Knox at Samsung Business.
S-22