Embracing the digital revolution is unavoidable for businesses. It has brought great advantages with it too, such as anytime, anywhere communications and the storage of vital and personal information for use in our work and personal lives. It has also provided greater flexibility in where and how we work and communicate, making things much easier for us.
However, it is important to acknowledge security aspects when evaluating mobility policies in particular. Cyber attacks are on the increase and will continue in their complexity and frequency. We hear about serious breaches on a daily basis. This can range from password leaks or mobile phone hacks to international scale bugs. I often find that in the corporate world, many recognise the threats but fail to implement any strategy, let alone take tangible action. The good news is that there are steps that can be taken by businesses to drastically improve mobile security.
Evaluate what is needed from BYOD
Your first step should be to consider what is appropriate for BYOD and mobile devices within your organisation and then integrate secondary strategies. These include policies for those that travel to foreign countries, providing them with clean, controlled devices for that aspect of the business. Remember too, that you have a duty to instill in the younger generation a sense of responsibility for the use of mobile IT, whether on a personally-owned device or one supplied by the organisation.
Select the correct device
It is important to carefully evaluate the devices which will be integrated into the business. The mobile industry has by now proved it can provide businesses with secure services. Selecting the correct devices should make the technology simple and easy to use for IT managers and the workforce. Products that deliver flexible security by default, rather than leaving it to the user to opt in, allow businesses to avoid threats which are often unknown and allow attackers to siphon data out without any knowledge of the user.
There is plenty of very useful guidance out there for users and suppliers. Unfortunately it still has an air of complexity that puts many off even considering it. Knowledge that is fresh, thoughtful and easy to digest by the workforce is invaluable. Supplying in-house training conveys a sense of real assurance to users.
Avoid isolating security
IT managers can help businesses by considering mobile devices as part of their overall security strategy and not just in isolation; they have to be integrated into your services and must not compromise security in other parts of the infrastructure. Balance users demands with those of the business. The latter must, however, take precedence.
Invest in applications
There are also applications available to businesses which can manage security risks and make sure security goes everywhere your data does, protecting every point in your expanding mobile environment. Mobile security architecture that operates at the device, application and network tiers can enforce the security policies, as well as automatically detecting potential threats and intelligently adjusting security settings to mitigate risk. This architecture can also provide employees with secure and encrypted access to specific business applications from their smart device and to all corporate applications, logging all mobile application traffic for compliance and reporting purposes.
Businesses must do more to stay ahead of growing security risks. They must take the time to educate staff and users; they need to invest wisely in people, as well as balance risk, usability and costs. Many businesses are ignoring these basic principles and putting themselves and their customers at unnecessary risk. The threats to users of digital services, whether mobile or fixed, will by statistics alone increase proportionally to the consumption of services. Moreover criminals will see the lack of security in these services as prime targets for their activity, unfortunately the sense of remote "disconnectedness" and lack of any physical relationship to information leaves many with a false sense of protection that can be readily and easily exploited.
David Robinson is the CSO and director of the information security business unit at Fujitsu