Rethinking enterprise mobile security



Embracing the digital revolution is unavoidable for businesses. It has brought great advantages with it too, such as anytime, anywhere communications and the storage of vital and personal information for use in our work and personal lives. It has also provided greater flexibility in where and how we work and communicate, making things much easier for us.

However, it is important to acknowledge security aspects when evaluating mobility policies in particular. Cyber attacks are on the increase and will continue in their complexity and frequency. We hear about serious breaches on a daily basis. This can range from password leaks or mobile phone hacks to international scale bugs. I often find that in the corporate world, many recognise the threats but fail to implement any strategy, let alone take tangible action. The good news is that there are steps that can be taken by businesses to drastically improve mobile security.

Evaluate what is needed from BYOD

Your first step should be to consider what is appropriate for BYOD and mobile devices within your organisation and then integrate secondary strategies. These include policies for those that travel to foreign countries, providing them with clean, controlled devices for that aspect of the business. Remember too, that you have a duty to instill in the younger generation a sense of responsibility for the use of mobile IT, whether on a personally-owned device or one supplied by the organisation.

Select the correct device

Related: BYOD not without problems

It is important to carefully evaluate the devices which will be integrated into the business. The mobile industry has by now proved it can provide businesses with secure services. Selecting the correct devices should make the technology simple and easy to use for IT managers and the workforce. Products that deliver flexible security by default, rather than leaving it to the user to opt in, allow businesses to avoid threats which are often unknown and allow attackers to siphon data out without any knowledge of the user.

Prioritise education

There is plenty of very useful guidance out there for users and suppliers. Unfortunately it still has an air of complexity that puts many off even considering it. Knowledge that is fresh, thoughtful and easy to digest by the workforce is invaluable. Supplying in-house training conveys a sense of real assurance to users.

Avoid isolating security

Related: IBM's silicon human brain: more cat and mouse than human

IT managers can help businesses by considering mobile devices as part of their overall security strategy and not just in isolation; they have to be integrated into your services and must not compromise security in other parts of the infrastructure. Balance users demands with those of the business. The latter must, however, take precedence.

Invest in applications

There are also applications available to businesses which can manage security risks and make sure security goes everywhere your data does, protecting every point in your expanding mobile environment. Mobile security architecture that operates at the device, application and network tiers can enforce the security policies, as well as automatically detecting potential threats and intelligently adjusting security settings to mitigate risk. This architecture can also provide employees with secure and encrypted access to specific business applications from their smart device and to all corporate applications, logging all mobile application traffic for compliance and reporting purposes.

Businesses must do more to stay ahead of growing security risks. They must take the time to educate staff and users; they need to invest wisely in people, as well as balance risk, usability and costs. Many businesses are ignoring these basic principles and putting themselves and their customers at unnecessary risk. The threats to users of digital services, whether mobile or fixed, will by statistics alone increase proportionally to the consumption of services. Moreover criminals will see the lack of security in these services as prime targets for their activity, unfortunately the sense of remote "disconnectedness" and lack of any physical relationship to information leaves many with a false sense of protection that can be readily and easily exploited.

There is no question that security risks will continue to develop in the mobile industry. Businesses can, however, avoid and prepare for these risks by implementing an intelligent mobile IT strategy.

David Robinson is the CSO and director of the information security business unit at Fujitsu




More

Apple and Google enabling cop-proof encryption

Google has announced that new versions of Android will automatically enable encryption by default, and like Apple they say it will protect people from the police.

NVIDIA Launches New GPU and Proves We DID Land On the Moon

Maxwell in NVIDIA’s new impressively powerful GPU, they used a desktop graphics card to prove that the moon landing photo that many believed was taken in a studio, and not on the moon, wasn’t a hoax.

Qualcomm Moves to Change the World and Create Real Superheroes

In Qualcomm's future your cell phone not only connects and can stream through all your TVs and Music devices if you want a tune you have on your phone on any music device in any room at any time you just push it there.