Governments and enterprises are more concerned than ever about the safety of personal information on their mobile devices — and rightfully so. Today’s smartphones contain some of our most sensitive information, including credit card numbers, text messages, contacts, photos, passwords, location tracking software and details about users’ behaviors and search histories.
The proliferation of mobile computing means that we’re storing more important information on our devices than ever before. Then we take that data with us wherever we go, so that we can constantly be productive and connected from any location.
Leading part of an organization that has worked with governments and enterprises around the globe, my team and I have a unique perspective on what policies and practices are required to ensure that sensitive data is safeguarded. From our perspective, five principles help guide the implementation of smart, secure solutions:
Secure mobile communications. Mobile solutions must have end-to-end encryption so that data can travel safely through vulnerable channels. The mobile technology industry must refrain from implanting “back doors” into their programs that could allow federal agencies or hackers to break into their otherwise secure platforms. Companies should feel confident that their mobile providers are not colluding with the government to access secure mobile systems. For example, my company, BlackBerry, intentionally developed our technology with no back doors embedded in our mobile security communications protocols.
Establish standards. Governments around the world should consider enacting policy that creates industrywide mobile security standards. For example, some of the Federal Information Processing Standards were developed by the U.S. government for use in computer systems by all government contractors and nonmilitary agencies as a way of establishing a common baseline for encryption. Adherence to these standards provides the assurance that the information of an organization is trusted and suitable for use by some of the most security-conscious organizations in the world and is an essential cornerstone in developing the necessary trust and confidence in the online economy. As workers merge their private and business lives on their mobile devices, this principle becomes essential to their safety and livelihood.
Understand the BYOD environment. The mobile technology industry must work with government to increase protections around the growing bring-your-own-device (BYOD) movement. Companies and government agencies are increasingly allowing their employees to use their personal smartphones for work-related communications and, as a result, consumers are carrying sensitive personal and business data with them everywhere they go. To increase security and prevent accidental data loss, it is critical that organizations provide users with solutions that keep their work and personal spaces separate. New technologies are essential to create a dual-persona BYOD experience that separates personal and work data to increase privacy.
Lead by example. Government users can lead by example in actively promoting industry best practices for mobile security. Members of Congress and government agencies should work jointly to issue public service announcements and spearhead consumer-focused mobile safety campaigns. Campaigns should focus on the importance of being diligent in protecting personal mobile devices. Consumers can drastically improve their mobile safety by following tips such as using strong passwords, being mindful of private credentials when accessing public Wi-Fi connections, and following best practices for physical device security, including using the lock function on mobile devices and frequently changing passwords.
Stay ahead of the curve. It’s no secret that technology is changing rapidly. Members of the mobile technology industry must work cooperatively with the government to ensure comprehensive security solutions for all consumers. To guarantee that consumers and enterprises are aware of the latest security solutions, it is vital to support ways for the industry and government to share knowledge and best practices. Public-private partnerships or task forces composed of experts from the public and private sectors should be formed to discuss these issues and make recommendations on how to mitigate challenges. For example, the FIDO (Fast IDentity Online) Alliance is a successful industry consortium whose members commit to share technology and collaborate to deliver open specifications that enable authentication methods to be interoperable, more secure and private, and easier to use. Government could significantly benefit by partnering with organizations such as the FIDO Alliance.
Policymakers, enterprises and consumers alike understand that it is imperative for our global networks to be protected and secure from all types of attacks before we find ourselves in a time of crisis. Having worked on these issues for many years, we feel certain that everyone could benefit from a more streamlined and collaborative approach to data security.
Scott Totzke is senior vice president of BlackBerry Security.