CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Information Superiority for the Mobile Enterprise

Organizations Need to Understand The Security Gaps The Mobile Enterprise Presents and Embrace a Combination of Security Tools and Techniques to Bridge these Gaps.

Organizations Need to Understand The Security Gaps The Mobile Enterprise Presents and Embrace a Combination of Security Tools and Techniques to Bridge these Gaps.

There’s no denying that the enterprise is becoming increasingly mobile. Research indicates that mobile phone sales worldwide rose to 1.5 billion units in 2011 and, according to new data from the Pew Internet and American Life Project, more than half of all mobile phones in the U.S. are smartphones. In addition, a recent Gartner report shows tablet sales on a pace to reach over 300 million units worldwide in 2015 and IDC predicts laptop sales to reach nearly 400 million units worldwide for the same period.

Protecting Mobile EnterpriseWhile laptops, tablets and smartphones are becoming our ‘go-to’ devices, creating a boon in productivity, the bring-your-own-device (BYOD) movement is increasing security risk to the corporate network and corporate data.

One of the fundamental problems IT security professionals face when securing their network and digital assets is establishing Information Superiority—leveraging superior intelligence to identify what needs to be protected and the threats to consider when structuring defenses. This becomes particularly challenging in the mobile enterprise.

Identifying What Needs to Be Protected

Employee-owned mobile devices that are accessing corporate resources are outside of the control of the corporate IT function. As a result it can be difficult to identify even basic environmental data for these devices such as the number and type of devices being used, as well as operating systems and applications. A testament to this lack of visibility, in a study conducted by IDC, 40% of IT decision makers say that workers access corporate information from employee-owned devices, but in stark contrast more than 80% of employees indicate they access corporate networks this way. To protect their corporate assets organizations need to close this gap.

Identifying the Threats to Consider When Structuring Defenses

The fact is that mobile devices introduce security risk when used to access company resources; they easily connect with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise’s control. In addition, mobile malware is growing rapidly which further increases risk. Research indicates malware targeting Android-based devices has increased by nearly 500% since last summer. Given the lack of even basic visibility as discussed above, most IT security teams certainly don’t have the capability to identify potential threats from these devices.

In order to gain the Information Superiority advantage in a mobile world, IT security professionals must be able to see everything in their environment, understand whether it’s at risk, and then protect it. Here are a few steps to take to help maintain control of your network.

Advertisement. Scroll to continue reading.

First, identify technologies that provide visibility into everything on your network – devices, operating systems, applications, users, network behaviors, files as well as threats and vulnerabilities. With this baseline of information you can track mobile device usage and applications and identify potential security policy violations.

Second, leverage technologies that help you apply security intelligence to data so you can better understand risk. From there you can evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets. Third, identify agile technologies that allow you adapt quickly and take action to protect systems in rapidly changing mobile environments. On the corporate side, create and enforce policies that regulate what data can be transmitted to BYOD users. For employee-owned devices, it may be useful to lock down your organization’s network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their tablet while travelling. While you may not be able to limit the installation of an application on the device, you can prevent it from running on corporate-owned computers.

The BYOD movement has only just begun. While the productivity, efficiency and convenience benefits are significant, we must open our eyes to the security gaps the mobile enterprise presents and embrace a combination of security tools and techniques to bridge these gaps. Only then can we tip the scales of Information Superiority in our favor and secure the mobile enterprise.

Related Reading: In the Battle Against Cyberattackers, Information Superiority Wins

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.