
Let’s Make Mobile Security Easy

Not a week goes by that I don’t speak to an enterprise struggling with mobile security. From what to support to how to ensure the security of mobile apps and data, enterprises are banging their heads against the wall to find a solution to secure mobile.


We often make things harder than they have to be by securing everything, when some things just aren’t as important as others. Oftentimes, the steps we take to secure our mobile devices do not provide management or security benefits. They’re simply “security theater,” or measures intended to provide the feeling of improved security while doing little or nothing to actually secure anything, like some of our favorite airport “security” practices.

Last week I spoke with a company rolling out an MDM product as THE mobile security solution. The company was concerned about the security of mobile apps, data and access back to their network. They decided to roll out an MDM solution because it “secured the device,” which really means it allowed them to set a passcode on the device. However, it fails to address their actual security needs. The MDM, or EMM as it has been reclassified, does not provide any security capabilities that align with their concerns, including app tampering prevention, data encryption, access control or authentication.

Not only does this implementation miss their requirements, it also comes with huge overhead for IT. The EMM solution requires managing the device, which adds work to IT’s already full plate. The team has to ensure they can manage various versions of iOS, Android and more. They also have to troubleshoot how policies are applied across different device operating systems, versions and even different device models. The ROI on their mobile security investment quickly erodes, as the time spent addressing device OS and version issues diverts resources from addressing the original security concerns. Additionally, their choice results in a loss of privacy for their users, especially for BYOD users, which is at odds with the increasing pressure from regulators and global laws to protect user privacy.

This story is very common. I’ve traveled to over a dozen cities for IT and security round tables in the past year and have spoken with more than 200 people about their security strategies. Every person I’ve talked to had some variation on their own “security theater” and stressed the need for a change because their existing strategy and execution weren’t working.

Mobile is one of those rare areas that has moved so quickly that we in the enterprise can’t keep up even if we’re at the bleeding edge. Technologies are being released and consumed by our users at such a rapid pace that our previous strategies just don’t apply any longer. EMM products are configuration tools; they have a purpose, but security is not it. Thinking about mobile security is much like thinking about security in other parts of our enterprise. We care about “the noun” or the thing of value, and in most cases the thing of value is the data. So we must focus on monitoring, logging and controlling the data as closely as possible – this is what we do everywhere else in the organization and mobile shouldn’t be the exception.

We’re finally at a time where managing and deploying mobile applications and securing and fortifying virtually any mobile app can and must co-exist. We can finally stop worrying about the glass, plastic and circuits and move up the stack to focus on the applications that matter: those that don’t have built-in security controls and prevention capabilities, or that require management and distribution. By applying controls to those applications and enforcing encryption, authentication, secure connections and DLP, we gain visibility into the actions of the users, applications and data.

So here is the easy guide to mobile security:


• Focus on the apps and data to meet your requirements, as the threats to the device are evolving and devices can’t be trusted.

• Apply monitoring and security controls to the apps and data.

• Use a mobile app catalog to distribute both your internal apps and secured versions of 3rd party applications.

• Monitor apps and data to prevent security vulnerabilities.

• Implement solutions that allow apps to connect without full device VPN.

This straightforward strategy will reduce time spent attempting to manage various devices and focus teams on ensuring user privacy, applying controls and allowing solutions and processes to scale while still securing internal and 3rd party applications.
