Network administrators are seeing their control of mobile devices dwindle, even as security risks are growing by leaps and bounds. Much of the hype lately has been around iOS- and Android-based devices, but what about Windows Phone 8 security in your enterprise?
Microsoft's mobile strategy is unpredictable at best, and you may not even have plans for Windows Phone 8 management and support. The thing is, people are going to use such devices anyway, so you should plan accordingly.
Consider the following to help keep Windows Phone 8 systems in check:
- What business goals are you trying to accomplish? Do you have specific needs or information-risk standards that must be met before mobile devices, including Windows Phone 8, are allowed on the network for ActiveSync, Internet connectivity, file access and so on?
- Do you know just how many Windows Phone 8 devices are being used in your environment right now? Don't fret; no one else knows either. It would be good to find out so you can look for mobile products that support Windows Phone 8 security.
- How are users synching and backing up their Windows Phone 8 systems? Do they have the proper tools that are reasonably secure? A common oversight I see in this area is the lack of password protection and people storing Windows 8 phone data on unencrypted laptops. It's a data breach waiting to happen. Many users will say they don't have anything of value on their phones, but they do. It's usually in the form of email, unstructured files (i.e., .xls, .pdf, .doc) and virtual private network and Remote Desktop Protocol connections.
- What passwords, system updates and anti-malware capabilities encryption (especially with microSD cards) will you require for Windows Phone 8-security? Will existing security standards even apply to this platform?
Also keep in mind that mainstream support for Windows Phone 8 is set to end in July 2014. Wow, didn't Windows Phone 8 just come out? Regardless, when support stops, so do the security updates for Windows Phone 8 devices.
So, do you develop a mobile security strategy focused solely on Windows Phone 8? Perhaps wait around for Microsoft to release "Windows Phone Blue" and then develop your requirements? I say no to both. The best rule of thumb is to not focus your efforts solely on Microsoft, but rather on mobile devices in general.
Various mobile platforms are undoubtedly being used in your organization, so look at the bigger picture with regard to mobile security. Most common-sense security controls apply across the board -- regardless of platform. Mobile device management and mobile security vendors such as Fiberlink, Mobile Active Defense and AirWatch support Windows Phone 8, so you can use these technologies to your advantage as well. I highly recommend doing this.
Whether or not you officially support multiple mobile platforms including Windows Phone 8, they're here to stay. You'll need to work with others in your organization to come up with a mobile security strategy that best fits your corporate culture.
In the face of the bring your own device (BYOD) trend, IT has learned that it cannot control loss and theft, but that's not all bad. Windows Phone 8 systems are consumer-focused like their competitors and can still be subject to some IT control. When a mobile device sprouts legs, that doesn't have to equate to a business loss, if you take reasonable steps to minimize the potential impact.