Modernizing Authentication — What It Takes to Transform Secure Access
The current bring-your-own-device (BYOD) business environment has made it essential for companies to have a solid strategy in place to manage an influx of the latest device or new software update. Of course, there is no one-size-fits-all solution for enterprises weighing the risks and benefits of implementing iOS 5 (or any new device or software update for that matter).
Solutions vary based on industry, company size, and individual business needs in general. However, there are steps you can take to ensure the new Apple iOS 5 software does not comprise the security and performance of your network.
Here are five tips CIOs can use as they begin to strategize about the most recent Apple iOS 5 update and others sure to follow:
Understand your network - It is crucial for IT departments to have full knowledge of everything that is running on or has access to the company network. You’ll be surprised just how many IT departments don’t know this information. If you’re not fully aware of every device and software with corporate network access, then iOS 5 is not even an issue -- since other unknowns are running with network access.
If you don't ensure IT has a strong handle of everything on their network, you are setting yourself up for serious problems down the road; many of which will have nothing to do with iOS 5. A robust enterprise device management platform is an absolute requirement and will provide valuable insight into devices, OS’s and apps running on your network.
Administer minimum security measures - Developing minimum network security requirements is a simple step CIOs can take to safeguard their enterprise. Before green lighting any new software or hardware, including iOS 5, it is critical to establish company wide security requirements.
At a bare minimum, every business should enforce mandatory password protections and have the capability to wipe corporate data from a device on a 24/7 basis. For highly competitive industries, these security measures need to be more stringent to ensure sensitive company data is not disclosed.
Standardize device policies and procedures - Software security and performance must be tested before allowing iOS 5 access to your network. A good strategy would be to develop a company-wide list of approved software and devices.
With every new iOS release, test it in a lab environment before whitelisting it. Send a text message to Apple users requesting they refrain from downloading the iOS 5 update until IT determines its acceptability. If anyone downloads the software before the approval process is complete, you can automatically disconnect the device from the enterprise network. Keep in mind that you should test the software in a timely manner. Otherwise, employees will almost certainly ignore the embargo and download the update.
Get a handle on apps - When implementing iOS 5, an application whitelist is equally as an important -- if not more important -- as an approved software and device list. Keep in mind that this is less about regulating time spent playing Scrabble and Sudoku and more about safe-guarding your network from rogue apps. These applications may discretely tunnel into the network and retrieve confidential company data.
The best way to prevent rogue apps is to develop and maintain a corporate app store, which becomes the only place employees can download apps for use on the company network. Employees can recommend and request apps for inclusion in the company app store.
Close gaps in security - iOS 5 comes equipped with two new features -- iCloud and iMessage. iMessage is of particular importance because of how its functionality can potentially conflict with Sarbanes-Oxley Act compliance. iMessage allows users to bypass a cellular network for instant messages, effectively eliminating associated texting fees.
While this is certainly attractive, keep in mind that that iMessage does not archive messages, thus causing concerns with compliance requirements. It is worth enforcing a strict policy that prevents employees from using iMessage (or any non-archiving communications forum) for business correspondence. That way, you can avoid any unnecessary complications with compliance rules should they arise.
The second notable feature, iCloud, offers capabilities that enable users to store all phone data in the Apple cloud. This can pose a threat to companies, especially if sensitive corporate files are stored in this cloud. In general, companies should disable unauthorized cloud capabilities to ensure corporate data can be accessed by the appropriate company authorities. Personal files can reside in the cloud, however.
Dan Croft is CEO of Mission Critical Wireless, a leading global enterprise mobility management services provider.