Securing the Enterprise of Things

We've had security education and best practices for so long, so why are employees and enterprises still falling to malware and cyberattacks?   

Unfortunately, the reality is that cyberattacks will continue to be a constant threat for businesses and individuals. Employees are not going to stop circulating sensitive documents just because of a perceived security risk. They often have different priorities and don’t consider this risk in the workplace. Additionally, phishing scams and cyber criminals trying to extort data for financial gain are not going anywhere.  It’s a constant battle.    

An outright lockdown of corporate data is not an option – employees can be remarkably crafty at breaking or circumventing obtuse security when their productivity is at stake. As such, critical files will continue to proliferate across devices and perimeters. To protect the interests of an organisation, it’s necessary to implement strong security controls that follow documents wherever they go. Businesses can then ensure that sensitive data is properly protected without impeding their workforce, giving employees the level of access and freedom they demand without putting their data at risk.

As we move to the Cloud, does the burden of security move as well? How far or porous has the perimeter become?   

Cloud is the future of the Enterprise Mobility Management (EMM) market with most vendors offering some levels of this delivery model.  

The proliferation of new connectivity within the workplace, such as cameras, sensors, vehicles, and wearables, is making it extremely challenging for the enterprise to not only manage but also secure them. The Enterprise of Things is only going to get bigger, not only in terms of the actual ‘things’ that are connected but, more importantly, the data that those ‘things’ are collecting.

A recent whitepaper by 451 Research titled “Securing the Enterprise of Things” found an increasing amount of connectivity and more concern about security than initially assumed. There is a surprising level of anxiety around the lack of security around those endpoints. The other thing revealed by the report is how unprepared companies are, especially when it comes to dealing with cybersecurity lapses.    

Businesses must update their security model to reflect the reality of the modern IT ecosystem. Many organisations still focus on perimeter defenses — firewalls, intrusion detection systems and network access control — but perimeter defenses are only effective in protecting data inside the network. The good news is that all of the technologies needed to protect against these types of attacks are already available. Secure file-sharing and collaboration solutions like BlackBerry Workspaces are already used by businesses to securely share encrypted files and control digital rights, even after the files leave their network, which ensures productive workflows. Unified Endpoint Management solutions are also key in centrally securing and controlling all the devices that connect to the enterprise, including desktops, laptops, mobile or even IoT devices.   

How hardened are current devices and endpoints to deal with modern threats? 

Many enterprises are simply not prepared for the onslaught of cyberattacks that are becoming increasingly common, as shown by recent ransomware attacks such as WannaCry and Petya along with high-profile hacks such as the Equifax data breach.  

Written by 451 Research, a recent whitepaper titled “Securing the Enterprise of Things: Opportunity for securing IoT with a unified platform emerging as IoT popularity grows” surveyed 200 IT decision-makers across a wide range of vertical industries, including financial services, government, and healthcare to understand industry attitudes amidst the growing IoT field. Key themes that emerged include:   

  • Seventy-eight percent of respondents indicated interest in a solution that allows them to manage all their endpoints in one place.   
  • Sixty-three percent note that security is the “top” concern regarding digital technologies and processes. However, only a little over one-third (37 percent) of those surveyed actually have a formal digital transformation strategy in place.
  • Organisations are least prepared against external threats, with nearly two-thirds (61 percent) citing hackers with malicious intent and cyberwarfare as top concerns.
  • Leaders must take action to ensure that IT is prepared to support the wider digital transformation goals of the organisation. Thirty-nine percent of respondents from very large organisations (more than 10,000 employees) revealed that a lack of collaboration among internal departments is a potential barrier to unified endpoint management, while 51 percent of midsized organisations felt the same way.    

Do we still need to run containers to secure enterprise apps and data? Containers vs virtualisation? Which is the right choice for enterprises?

Encryption can be broken – and if encryption’s all that businesses rely on, that means their data is at risk. With a multi-tiered approach to security, businesses can protect themselves at every layer. Businesses can encrypt the hard drive and network communications, place apps within the secure container, and place files within BlackBerry Workspaces.

It is also not effective to virtualise a mobile endpoint due to a lack of resources and existing limitations such as battery life.    

Malware aside, insecure applications represent a significant risk for businesses, particularly those with burgeoning mobile initiatives. Data leakage remains a consistent threat, with 46.2% of apps on iOS and 86.7% of apps on Android exhibiting privacy-invasive behaviors, and user privacy is an ever-growing concern. By locking down business-critical apps with a device-independent containerisation tool like BlackBerry Dynamics, businesses can keep data safe from bad apps and physical theft. 

Is identity management the way to go? Will it solve app and data issues across devices? Can application delivery be an effective BYOD strategy for organisations looking to go mobile? 

Many businesses want to deploy mobility, yet struggle to manage their networks and employees’ mobile devices and services. Security is far from the only challenge represented by BYOD. Businesses are allowing employees to bring their own devices into the workplace, and employees will use their personal phone to conduct work over voice, text, and data. That is the problem.  

Organisations in fields like healthcare, government, and financial services are faced with several unique challenges where mobility is concerned. On one hand, they must follow frameworks and directives such as MiFID II, regulations that dictate requirements around encryption strength, data storage, and data discoverability. On the other, workers in these industries have the same needs as anywhere else. They must have access to the corporate resources they require to do their job. They must have the ability to quickly and easily collaborate with one another. And in some cases, they need the ability to use their personal devices in the workplace.  

We can look at identity management to combat issues brought about by BYOD. BlackBerry’s WorkLife Persona gives employees a separate corporate identity on their device without requiring an additional SIM. This eliminates the need for employees to use their personal phone numbers for work – meaning their personal lines stay private. Businesses’ IT departments, meanwhile, have full control over WorkLife Persona’s corporate profile, making cost management and regulatory compliance a breeze. By creating a separate corporate identity and walling off corporate voice, text and data from personal apps, BlackBerry increases productivity by eliminating employee concerns about being billed for work charges on their personal plans. Employees can work on mobile with confidence, and businesses can eliminate one of the final roadblocks to BYOD.

BYOD does not have to be a financial, legal, and regulatory nightmare. Businesses can seamlessly draw a line between corporate and personal use. By creating a separate corporate identity on any device, businesses are able to meet stringent compliance requirements, reduce mobility costs, gain full control over corporate voice, text, and data usage, and make their BYOD program truly come alive.

How will IoT change our approach to security? If the perimeter has moved or is now the endpoint, what does this mean for security and what we need to secure?    

The Internet of Things is revolutionising many things, including how we operate and do business. Gartner says there are already more than 2 billion connected sensors, trackers and other devices used by businesses to heat their buildings, manage car traffic, heal patients, ship their cargo, and more. By 2020, there will be 7.3 billion such devices inside enterprises, so the Enterprise of Things is very, very real.    

This network of intelligent connections and endpoints, which helps enterprises move products from sketch to scale, needs securing from data theft and from hacker disruption. The explosion of devices and consumer applications is making it increasingly difficult for enterprises to balance information security and compliance with productivity and connectivity.    

Mobile Device Management (MDM) and EMM are simply not enough, which is why we advise clients to look at Unified Endpoint Management (UEM) platforms that let companies secure and manage these devices, plus the associated applications. Last year at the annual BlackBerry Security Summit, we demonstrated live onstage how a hacker can use something as simple as an internet-connected tea kettle to gain full access to a secure enterprise Wi-Fi network. It’s critical to remember that hackers will always target the weakest link, which is why every new IoT device that connects to the internal network should be managed as an enterprise endpoint. 

Can security analytics be moved as well and how will this change security? What will this mean for machine learning and IoT? How much security legacy is being impacted with moves towards IoT, AI etc?   

Anytime you have IT endpoints with limited processing power, there’s a natural need to minimise on-board processing and move secondary functions such as analytics to the cloud. That’s what happened 15 years ago for mobile devices and that same trend is now happening again for IoT endpoints. The biggest difference is in the type and amount of data being collected by these endpoints. Mobile devices collect data about the user’s actions on the device, but their collection of physical data about the surrounding environment is typically limited to GPS and other location information. Compare this to something like a connected car, which needs to collect huge amounts of data about its physical surroundings in order to effectively ensure the safety of the passengers and other cars on the road.  

The wealth of environmental data collected by IoT endpoints creates new safety and privacy risks, but also new opportunities. On one hand, it’s even more important to protect this data, ensuring that it’s encrypted both at rest and in transit and anonymised where appropriate. On the other hand, feeding the data into machine learning and AI technologies can help us gain new insights into how users interact with their environments. The better we can model how these interactions typically take place, the more we’ll be able to detect unusual patterns, helping us predict and even prevent safety and security threats in real-time. 

How does BlackBerry envision the future of UEM?

The Enterprise of Things is the new normal. EMM is no longer sufficient – to secure, manage, and connect business and its users, businesses must take a more holistic, unified approach. For BlackBerry’s clients, BlackBerry UEM is the foundation of our approach to secure and manage this explosion of connections. We have flexed our military-grade BlackBerry Secure architecture to protect fast-evolving enterprises and governments as they scale exponentially from personal mobile devices to billions upon billions of connected IoT endpoints. Enterprises continue to be driven by advances in technology and mobility. Needs have morphed and the line once separating mobile security from cybersecurity has become a distinction without a difference.  

BlackBerry UEM represents the next, evolutionary step in our mission to secure not just mobile devices, operating systems, apps, and data, but the full Enterprise of Things. BlackBerry UEM converges device, application, and content management for mobile devices with management for laptops and desktops into one administrative console, providing a single point of control for endpoints, apps, and services. And with support for all major platforms, including iOS, Android, BlackBerry 10, Windows 10, and MacOS, employees can use the devices they prefer for productivity, without sacrificing security. 

Marty Beard, Chief Operating Officer at BlackBerry 
