SecurityWeek


Enterprises Need More Than MDM to Address Mobile Security Risks: Analysis

When it comes to bring-your-own-device (BYOD) and mobile security, organizations are often shortsighted, focusing only on protecting corporate data stored on mobile devices. This narrow view prevents information technology and security professionals from responding to incidents effectively.



Organizations need to expand their mobile worldview to include data leakage, insider threats, and mobile malware and develop incident response plans that consider mobile devices, according to the latest report from GigaOm Research, released Tuesday.

They need to be able to see what is happening across mobile devices, detect security incidents, and resolve incidents effectively, all things that mobile device management systems are not designed to handle. Along with improved incident response, organizations need to beef up their forensics capabilities to extract valuable data from mobile devices in the case of a security incident, the report suggested.

“With the increase in mobile incidents, complicated by the sheer volume and diversity of devices and terabytes of data, security solutions with visibility and capabilities to detect and resolve incidents are in dire need,” wrote the report’s author Michael Finneran.

Some of the biggest challenges facing organizations center around the collection of data on mobile devices and analyzing the data, which can be time- and resource-consuming, Lee Reiber, vice-president of mobile forensics at AccessData, told SecurityWeek. The GigaOm Research report was commissioned by AccessData, which is working on a mobile forensics tool designed to help with incident response.

“Our advice is for companies to implement security plans and enterprise technologies that incorporate proactive mobile prevention, detection and response, to gain greater visibility and control of their mobile data and devices,” Reiber said.

Not Understanding the Risks

Information technology and security teams failed to grasp the extent of security exposure organizations face as employees moved away from using BlackBerry devices in favor of less secure mobile devices, the report found. And the actions they took because of that misunderstanding have proven insufficient to protect the organization in the case of an incident.


Many organizations are “taking virtually no steps” to ensure that mobile devices accessing corporate data are actually secure, according to the report. Even worse, few organizations have procedures and plans in place for a “meaningful response” in case of a security incident. The report cited a recent InformationWeek survey where 83 percent of respondents said their organizations supported BYOD, or were in the process of developing a program. That survey also found that less than half, or 46 percent, of those organizations required employees to run an MDM client. Even more worrying, 43 percent of those organizations trusted users to follow published guidelines and did not enforce the rules, a practice the report called, “a rather questionable approach to data security.”


Many organizations “rely too heavily” on MDM and MAM systems when MDM should only be one part of a comprehensive security plan, Finneran warned. A bigger issue is that MDM may be giving IT departments a false sense of security because they think they are taking all the necessary preparations to secure mobile devices and corporate data.

Focus on Incident Response

Data protection is never 100 percent effective, and security teams need to be able to detect and respond to incidents quickly, the report said. Even if mobile devices are involved, the incident may be detected through routine monitoring of system logs and intrusion detection systems, alerts from traditional endpoint threat detection mechanisms, or notifications from third parties such as law enforcement. This is why overall incident response plans have to be expanded to consider mobile, the report said.

“If one does not exist, organizations should immediately set about developing a written mobility policy that spells out the rules, roles and user responsibilities with regard to mobile devices that can access corporate systems,” Finneran wrote in the report. The underlying plan should cover security, prevention, detection, and response in relation to mobile devices. “Particular attention should be paid to preparing for rapid incident detection and response, as virtually any system, fixed or mobile, can be compromised or experience a data leakage incident.”

The incident response plans also need to be practiced so that when a real incident occurs, the teams involved know what to do and can act quickly to resolve the situation.

A steering committee consisting of IT, information security, legal, human resources, and key business units should have oversight over the mobility policy and the incident response plan. The committee is also responsible for keeping C-level executives informed about security threats, the report said.

The report acknowledged that preventing security incidents is important, but organizations can’t ignore the importance of incident response and planning. A “full featured integrated network and endpoint forensics, malware analysis, removable media monitoring, and endpoint event capture and replay capabilities are crucial to truly identify and resolve incidents fully and rapidly, thereby minimizing risk exposure,” the report concluded.
