How to Plan for Smartphone Security in the Enterprise - Page 3

Managing connectivity risks

Smartphones present additional security risks to the enterprise when they access internal systems such as e-mail, intranets and access to the Internet. As a result, you need to manage device connectivity to reduce the risk posed by third-party applications, as well as by viruses and malware.

In addition, you should consider how you will control which Web sites users can visit on their smartphone. Usually Web site filtering is accomplished by using a VPN to access the corporate proxy server, which extends the same controls used to control Web site access within the corporation.

This VPN can also be used to access intranet or line-of-business (LOB) applications, just as a laptop user can from the field. Alternatively, some devices can use a local application to perform Web site filtering. However, there is no centralized logging of failures with this approach.

The fact that smartphones can be plugged into a desktop to synchronize data also poses security risks. You should decide whether your organization wants users to plug their smartphones into desktops to synchronize data within the enterprise or to do so remotely. Then you must set security policy accordingly. Keep in mind that even when smartphone synchronization is disabled, a user still can plug the device into a PC or Mac to charge it.

One of the functions that enterprises are integrating with their smartphones is corporate instant messaging (IM). The latest IM solutions also integrate voice over IP (VOIP) and video conferencing. By implementing a corporate IM standard, the company is able to log all conversations, including conversations from the smartphone. The IM functionality can be implemented over the Internet with Secure Sockets Layer (SSL) or via a VPN, depending on the desired configuration.