Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

How Are You COPEing With Mobile Security?

In the quest to harness the business advantages mobile provides, many organizations have opened their networks and data up to mobile devices. What companies are failing to come to grips with is that, in many cases – especially in BYOD scenarios – they are assuming massive risk that could ultimately lead to a damaging, costly breach.

In the quest to harness the business advantages mobile provides, many organizations have opened their networks and data up to mobile devices. What companies are failing to come to grips with is that, in many cases – especially in BYOD scenarios – they are assuming massive risk that could ultimately lead to a damaging, costly breach.

In this era of constant innovation, when the new becomes tradition virtually overnight, businesses need to be agile in order to adapt to the tides of change brought on by technology. The most recent technology innovation that has redefined the workplace is, without a doubt, the mobile device. Employees have embraced the freedom that mobile devices have brought them, and employers have embraced their productivity value.

In the quest to harness the business advantages that mobility provides, many organizations have opened their networks and data up to BYOD, which has taken off with rocket-like speed. Organizations are accepting BYOD into their environments because they need mobile capabilities, and because employees are demanding the ability to manage their lives and work on their device of choice. In some cases, employees are footing the bill, and organizations are simply unaware of effective alternatives.

Many companies jumping on the BYOD bandwagon are failing to realize that in most cases it carries with it control and security issues that could snowball into devastating, costly breaches and compliance violations. These organizations are, in a sense, placing perceived reward well ahead of risk.

Enterprise Mobile ModelsHowever, organizations that want to leverage mobile advantages no longer have to assume the extreme risk that BYOD drives. Today, there are mobile technologies available that enable nimble workforces, allow for centralized control and security, and satisfy their employees’ demand for mobile devices that allow them to work and play – all within the confines of security and compliance.

This is accomplished through Company Owned, Personally Enabled devices (COPE). In the COPE scenario, employers own the mobile devices (for example, laptops, smartphones, and tablets) and issue them to employees, who are allowed to use them for work and personal affairs. Because they are company owned, they provide a high-degree of centralized control and monitoring while allowing employees to install consumerized, personal-use applications.

Within any IT purchasing decision process, cost is always a factor that organizations need to consider. In the case of BYOD vs. COPE, decision-makers need to take a “long-term cost vs. benefit” view.

Although implementing a mobile strategy based on COPE devices is initially more costly than allowing BYOD, dealing with a security breach that interrupts production will ultimately cost an organization more than an initial investment in company-owned, company-controlled devices. This is an assertion supported by data, including the most recent Ponemon Cost of a Data Breach Study that pegs the average organizational cost of a data breach at $5.5 million. With COPE devices, IT can ensure that certain precautions are in place, such as drive encryption or anti-malware software.

Advertisement. Scroll to continue reading.

With BYOD a costly breach is inevitable. Employees using their own devices for work are accessing applications, storing passwords, downloading corporate data, taking pictures, and sending and receiving text messages and emails that can potentially involve sensitive corporate materials — all outside of the control and visibility of their employers’ security teams. How is an IT department supposed to control its environment when it has no idea who is accessing what and when? Quite simply it can’t, which is why BYOD has “out of IT’s control” written all over it. And when a situation gets out of IT’s control, disaster is sure to strike.

The bottom line is that, if your organization wants to take full advantage of mobile, satisfy employees’ desires for personal-use devices, and protect itself against insider threats, it should authorize only devices that allow IT to exert central control and monitoring.

If your organization has recognized a need for mobile and security and compliance concerns are a high priority, when shopping for devices MAKE SURE these four baseline features are available:

1. Centralized control, configuration and management

2. Interoperation with software that monitors employee activities and provides real-time alerts for risky behaviors

3. Records of websites visited, emails and chat sessions and applications accessed

4. Digital, video-like playback of all activities that take place

There are certainly additional points you will want to consider when choosing mobile devices for your environment, but these four are a good starting point. With effectively controlled mobile devices, more and more possibilities open up. A company can reach a point where it can mobilize an entire workforce, making employees as agile as possible while still being able to COPE with security and compliance.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.