Organizations Need to Understand The Security Gaps The Mobile Enterprise Presents and Embrace a Combination of Security Tools and Techniques to Bridge these Gaps.
There’s no denying that the enterprise is becoming increasingly mobile. Research indicates that mobile phone sales worldwide rose to 1.5 billion units in 2011 and, according to new data from the Pew Internet and American Life Project, more than half of all mobile phones in the U.S. are smartphones. In addition, a recent Gartner report shows tablet sales on a pace to reach over 300 million units worldwide in 2015 and IDC predicts laptop sales to reach nearly 400 million units worldwide for the same period.
While laptops, tablets and smartphones are becoming our ‘go-to’ devices, creating a boon in productivity, the bring-your-own-device (BYOD) movement is increasing security risk to the corporate network and corporate data.
One of the fundamental problems IT security professionals face when securing their network and digital assets is establishing Information Superiority—leveraging superior intelligence to identify what needs to be protected and the threats to consider when structuring defenses. This becomes particularly challenging in the mobile enterprise.
Identifying What Needs to Be Protected
Employee-owned mobile devices that are accessing corporate resources are outside of the control of the corporate IT function. As a result it can be difficult to identify even basic environmental data for these devices such as the number and type of devices being used, as well as operating systems and applications. A testament to this lack of visibility, in a study conducted by IDC, 40% of IT decision makers say that workers access corporate information from employee-owned devices, but in stark contrast more than 80% of employees indicate they access corporate networks this way. To protect their corporate assets organizations need to close this gap.
Identifying the Threats to Consider When Structuring Defenses
The fact is that mobile devices introduce security risk when used to access company resources; they easily connect with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise’s control. In addition, mobile malware is growing rapidly which further increases risk. Research indicates malware targeting Android-based devices has increased by nearly 500% since last summer. Given the lack of even basic visibility as discussed above, most IT security teams certainly don’t have the capability to identify potential threats from these devices.
In order to gain the Information Superiority advantage in a mobile world, IT security professionals must be able to see everything in their environment, understand whether it’s at risk, and then protect it. Here are a few steps to take to help maintain control of your network.
First, identify technologies that provide visibility into everything on your network – devices, operating systems, applications, users, network behaviors, files as well as threats and vulnerabilities. With this baseline of information you can track mobile device usage and applications and identify potential security policy violations.
Second, leverage technologies that help you apply security intelligence to data so you can better understand risk. From there you can evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets. Third, identify agile technologies that allow you adapt quickly and take action to protect systems in rapidly changing mobile environments. On the corporate side, create and enforce policies that regulate what data can be transmitted to BYOD users. For employee-owned devices, it may be useful to lock down your organization’s network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their tablet while travelling. While you may not be able to limit the installation of an application on the device, you can prevent it from running on corporate-owned computers.
The BYOD movement has only just begun. While the productivity, efficiency and convenience benefits are significant, we must open our eyes to the security gaps the mobile enterprise presents and embrace a combination of security tools and techniques to bridge these gaps. Only then can we tip the scales of Information Superiority in our favor and secure the mobile enterprise.
Related Reading: In the Battle Against Cyberattackers, Information Superiority Wins