Let’s Make Mobile Security Easy

Not a week goes by that I don’t speak to an enterprise struggling with mobile security. From what to support to how to ensure the security of mobile apps and data, enterprises are banging their heads against the wall to find a solution to secure mobile.

We often make things harder than they have to be by securing everything, when some things just aren’t as important as others. Oftentimes, the steps we take to secure our mobile devices do not provide management or security benefits. They’re simply “security theater,” or measures intended to provide the feeling of improved security while doing little or nothing to actually secure anything, like some of our favorite airport “security” practices.

Last week I spoke with a company rolling out an MDM product as THE mobile security solution. The company was concerned about the security of mobile apps, data and access back to their network. They decided to roll out an MDM solution because it “secured the device,” which really means it allowed them to set a passcode on the device. However, it fails to address their actual security needs. The MDM, or EMM as it has been reclassified, does not provide any security capabilities that align with their concerns, including app tampering prevention, data encryption, access control or authentication.

Not only does this implementation miss their requirements, it also comes with huge overhead for IT. The EMM solution requires managing the device, which adds work to IT’s already full plate. The team has to ensure they can manage various versions of iOS, Android and more. They also have to troubleshoot how policies are applied across different device operating systems, versions and even different device models. The ROI on their mobile security investment quickly erodes, as the time spent addressing device OS and version issues diverts resources from addressing the original security concerns. Additionally, their choice results in a loss of privacy for their users, especially for BYOD users, which is at odds with the increasing pressure from regulators and global laws to protect user privacy.

This story is very common. I’ve traveled to over a dozen cities for IT and security round tables in the past year and have spoken with more than 200 people about their security strategies. Every person I’ve talked to had some variation on their own “security theater” and stressed the need for a change because their existing strategy and execution weren’t working.

Mobile is one of those rare areas that has moved so quickly that we in the enterprise can’t keep up, even if we’re at the bleeding edge. Technologies are being released and consumed by our users at such a rapid pace that our previous strategies just don’t apply any longer. EMM products are configuration tools; they have a purpose, but security is not one of them. Thinking about mobile security is much like thinking about security in other parts of our enterprise. We care about “the noun,” or the thing of value, and in most cases the thing of value is the data. So we must focus on monitoring, logging and controlling the data as closely as possible. This is what we do everywhere else in the organization, and mobile shouldn’t be the exception.

We’re finally at a time where managing and deploying mobile applications and securing and fortifying virtually any mobile app can and must co-exist. We can finally stop worrying about the glass, plastic and circuits and move up the stack to focus on the applications that matter: those that don’t have the built-in security controls and prevention capabilities, or that require management and distribution. By applying controls to those applications and enforcing encryption, authentication, secure connections and DLP, we gain visibility into the actions of the users, applications and data.

So here is the easy guide to mobile security:

• Focus on the apps and data to meet your requirements, as the threats to the device are evolving and devices can’t be trusted

• Apply monitoring and security controls to the apps and data

• Use a mobile app catalog to distribute both your internal and secured versions of 3rd party applications

• Monitor apps and data to prevent security vulnerabilities

• Implement solutions that allow apps to connect without full device VPN

This straightforward strategy will reduce time spent attempting to manage various devices and focus teams on ensuring user privacy, applying controls and allowing solutions and processes to scale while still securing internal and 3rd party applications.
