About the author
As VP of Product at Fulcrum, Coleman leads strategy and development on all product development activities – from concept and engineering through marketing and growth.
Nearly all our users run businesses and rely on their mobile devices to store protected company data. We prioritize security and provide tools that help users safeguard their work effectively. This article explains techniques on iOS and Android devices that help users protect data while employees work in the field.
Losing a device or experiencing theft poses significant risks, but you can take specific steps to reduce those threats. As a data owner, you must implement technical countermeasures to guard against theft. This article reviews key features on mobile platforms, outlines best practices, and recommends strategies to help IT teams manage over 100 mobile devices securely, even as employees travel worldwide with sensitive corporate data.
Passcode locks have long been available on smartphones and tablets, serving as the first step to protect data. They help secure your device from theft or intrusion if it falls into the wrong hands. Many apps, such as banking platforms, Evernote, Dropbox, and Google Drive, include their own passcode locks for added security. Modern devices also offer built-in tools that provide enhanced protection, securing data at a higher level.
Protecting the entire operating system is the most effective way to secure your data comprehensively. All modern smartphones support disk-level encryption, combining hardware and software to encrypt all data on the device. If one app contains private, critical data, it’s likely that many others store equally important information. Disk-level encryption ensures that all your data remains secure, regardless of the specific apps you use.
Apple’s A7 chipset, which introduced the “Secure Enclave” for Data Protection
On iOS, ever since the release of iPhone 3GS, Apple has enabled built-in hardware-level encryption using its Data Protection feature by default whenever you have a passcode lock set up (see the note at the end of this article). This means any time the device is locked, the entire device’s disk is encrypted until the passcode is entered. With Android devices, Android 3.0 introduced full-device encryption, which on that platform is optional, but can be easily enabled through the security settings. With this on, you can even set up your device to prompt for a password on startup.
Android and iOS support device-level passcodes, making it essential to set one up immediately for security. Both platforms also include settings for “auto-lock” after standby mode, which you should configure promptly. Lower the auto-lock duration to the shortest acceptable time to balance security and user convenience. Remember, security and convenience often conflict, so overly complex systems can discourage users from maintaining proper safeguards. When security measures feel too burdensome, users may disable passwords or choose weak options like “1234.” Excessive security requirements can backfire by encouraging unsafe practices, defeating their intended purpose.
All tablets and smartphones now also support longer passphrase input for securing the device instead of numeric PIN-style codes. It’s recommended, if you can stand it, to use something more complex than 4 digits. Most devices are good about locking out potential guessing attacks, but it’s still a good practice to use stronger passwords. All iOS devices since the iPhone 5S and the iPad Air 2 support Touch ID, Apple’s native biometric fingerprint authentication hardware. Enabling fingerprint access adds a layer of authorization on top of passwords: it makes long, hard-to-type passwords easier to use (since you don’t have to type them as much) and prevents the all-too-common shoulder surf where someone can nick your passcode on the bus, train, or at your desk.
Review app settings for notification previews to ensure private messages or emails remain hidden on locked devices. Messages containing sensitive information are visible to anyone nearby if notification previews remain enabled on the lock screen. Android provides detailed controls across apps to define “sensitive” information and automatically hide it when necessary. iOS settings for this feature are less streamlined, but many apps offer options in the Notification Center. You can configure these settings to hide preview text in push notifications, enhancing privacy and preventing unauthorized viewing.
One problem that becomes apparent rather quickly in a business environment is how you integrate all these localized, individual-level authentication and security practices into an enterprise IT infrastructure with potentially hundreds of managed devices assigned to staff members. What happens when a field inspector can’t sign in because he doesn’t remember the complex passcode you set up on his iPhone for him? These are hard challenges given the rate at which the technology advances; it’s hard for enterprise management software providers to keep up with what’s new.
Mobility management systems like Soti’s MobiControl product, VMware’s AirWatch, and MobileIron help bridge this gap and provide higher-order platforms for managing dozens to thousands of mixed devices for employees. You can remotely sign in for providing support, install applications, control what can be installed, and handle on-device settings from a centralized control center. These options, naturally, aren’t free, but can be powerful additions to enable enterprises to manage their hardware securely and reasonably.
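The passcode and auto-lock advice above is what a management platform pushes to iOS devices as a configuration profile with a passcode payload. The following is an added example, not code from this article or from any of the vendors named: it builds such a profile and audits it against the article's recommendations. The `com.example.mdm` identifier, the sample policies and the 5-minute auto-lock ceiling are assumptions.

```python
import plistlib
import uuid

PASSCODE_PAYLOAD_TYPE = "com.apple.mobiledevice.passwordpolicy"

def _meta(ptype, ident, name):
    # Keys that every profile and payload dictionary carries.
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name}

def build_profile(policy, org_id="com.example.mdm"):
    """Wrap passcode-policy keys in a configuration profile (XML plist bytes).

    org_id is a placeholder identifier, not a real organization.
    """
    payload = {**_meta(PASSCODE_PAYLOAD_TYPE, org_id + ".passcode",
                       "Passcode policy"), **policy}
    profile = {**_meta("Configuration", org_id, "Field device baseline"),
               "PayloadContent": [payload]}
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def audit_profile(raw, max_autolock_min=5):
    """Return findings where a profile falls short of the article's advice.

    max_autolock_min is an assumed ceiling; the article only says to use
    the shortest auto-lock time users will accept.
    """
    profile = plistlib.loads(raw)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD_TYPE]
    if not payloads:
        return ["no passcode payload: passcode is left to the user"]
    p, findings = payloads[0], []
    if not p.get("forcePIN", False):
        findings.append("forcePIN is off: users may remove the passcode")
    if p.get("allowSimple", True):  # simple codes are accepted unless disabled
        findings.append("allowSimple is on: codes like 1234 are accepted")
    if p.get("minLength", 0) <= 4:
        findings.append("minLength <= 4: no better than a 4-digit PIN")
    idle = p.get("maxInactivity")  # minutes of idle time before auto-lock
    if idle is None or idle > max_autolock_min:
        findings.append(f"maxInactivity unset or above {max_autolock_min} min")
    return findings

# Constructed sample policies: a lax one and a hardened one.
WEAK = {"forcePIN": True, "allowSimple": True, "minLength": 4}
HARDENED = {"forcePIN": True, "allowSimple": False, "minLength": 8,
            "requireAlphanumeric": True, "maxInactivity": 2,
            "maxFailedAttempts": 10}
```

Running `audit_profile(build_profile(WEAK))` reports the simple-code, length and auto-lock gaps, while the hardened policy returns no findings.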
If security were easy, no one would ever have their data stolen or compromised, but that’s not the world we live in. Establishing secure best practices in an environment with many different device types and versions and a diverse range of technical skill on the user side is a huge challenge. We hope this quick overview was helpful to point you to some of the built-in and ready capabilities of mobile platforms that can mitigate some of the risk inherent in mobile data collection.
Note: Apple publishes an excellent comprehensive guide to the technical security features built into their hardware and iOS.