Security compliance often varies from organisation to organisation due to varied industry regulation as well as internal security policies and procedures. We often see organisations attempt to repurpose security frameworks from the PC world and apply them to mobile. Mobile is fundamentally different than other enterprise technology and therefore requires a revised approach to security policies and countermeasures.
Security compliance in the mobile era
We've all seen the headlines; retail breaches of consumer payment data continue to occur. But those organisations that embrace mobile now have a way to automatically mitigate these threats. In mobile, retailers can leverage enterprise mobility management (EMM) to identify threats and automatically take action to mitigate a breach. EMM enables organisations to isolate a hacked device by blocking it on the network or even wiping the device to remove its data.
Adapting security for real-time mobile data access
In order to adapt security compliance to mobile, organisations must first understand the threats unique to mobile apps, content and devices. The Top 4 mobile threats are:
- Malicious and risky apps
- Jailbroken (iOS) or Rooted (Android) devices (the acquisition of complete administrator rights on the device)
- User data loss (Intentional or Accidental)
- Unprotected networks
Risky Apps are those free or paid apps we use every day in our personal lives and even at work. Enterprises are quickly realising that many of these apps (about 81 per cent according to Appthority) may have risky behaviors that collect PII and share GPS, location, email address, or even contact lists with adware sites and other suspicious sources. App Risk Management and App Reputation Services provide the method to understand the risk of the more than 2.5 million apps so organisations can make educated decisions about risk.
Jailbroken or Rooted devices present a huge risk to corporate data because, once a device is hacked, the mobile operating system is compromised. Prompt detection and mitigation are key. EMM allows detection to happen both online and offline to allow corporate data to be wiped from the device to mitigate data loss.
The corporate perimeter has become blurred with the introduction of mobile. Combine this with an excess of ways to share data, and you have a huge threat of business data loss. Fortunately, with an EMM solution, a variety of controls exist to control this data sharing at the device level or the app level through secure access to and protection of the corporate data.
As long as users travel and connect to unsecured, open WiFi networks, we'll have hijacking threats allowing interception of sensitive data. Fortunately with user or device certificates, organisations can leverage per-App VPN connections and end-to-end session trust to protect data-in-motion and ensure that users' data is not hijacked.
Be proactive, be prepared
Mobile enables security through its many inherent security controls and organisations are increasingly adding EMM for additional security and management capabilities. When applying IT Security controls to mobile, it's important to first understand the fundamental differences between mobile and the legacy PC world. The majority of these controls can be provided natively by EMM and APIs already exist to integrate with existing security infrastructures. No company wants to be the next breach headline, so it's always important to incorporate both proactive and reactive security controls. Being prepared will allow an organisation not only to achieve compliance but also to minimise the threat of a data breach.
As the threat of cybercrime continues to grow, the need for Enterprise Mobility Management & Security is more important than ever. Attendees will be able to discuss this with the MobileIron team at their IP EXPO stand, DD12. In addition, Jack Johnson, CIO of London Borough of Camden, will be speaking at the seminar "How BYOD and mobile helped to digitally transform the London Borough of Camden", so attendees can see the real impact of effective EMM implementation.
It is crucial that businesses implement the proper measures to protect their assets and this most certainly involves a proactive rather than reactive approach to security. To truly understand what you need to know about your own systems and defences, you can also learn more at Cyber Security EXPO, co-located with IP EXPO Europe.
Register now at www.ipexpo.co.uk
Mike Raggo is security evangelist at MobileIron.