Find Your Security Holes

By  Tony Rizzo
One thing that is extraordinarily clear from the content is this issue of Mobile Enterprise is that mobile applications are now a dominant play in all companies. Whether thinking over which top ten enterprise applications your organization needs to deploy today or tomorrow, or whether you are building exciting new mobile apps from the ground up using one of the available Mobile Enterprise Application Platforms (MEAP), the one key issue that cannot be ignored is security.

Security encompasses many things, ranging from the mobile devices that users own, the corporate data that resides on those devices, the authentication levels used to ensure that only the right people are getting into the enterprise networks and corporate data, and numerous other sometimes hidden security holes. Security also manifests itself in the guise of policy management and policy management enforcement - an area that sounds easy enough to manage yet one that is more often than not the likely ‘hole’ in the security wall.

In early December 2011 Symantec introduced a new suite of mobile security assessment services that the company has specifically built to assess just about any and all security issues that either are or might be lurking anywhere inside of a large scale enterprise that is either in the process of mobilizing its applications and services, or that already has large scale deployments of mobile apps and mobile devices in the field.

We have done a fairly deep dive in investigating the Symantec services and find them to be thorough and robust. For large scale enterprises - those with workforces of at least 1,000 in size - it makes a great deal of sense to scope out what Symantec has to offer.

However, not all enterprises are big enough to swallow the costs of those services, and not all enterprises have enough BYOD balls in the air to require them. Symantec has still done a service for those of us who fall into these camps. The company has done a great job of identifying where the security issues are likely to be found, and through this smaller enterprises can develop game plans for assessing where their security risk might be found - knowing this is half
the battle.

In developing its mobility assessment services Symantec has created what it refers to as its Mobile Security Framework - which is shown in the figure on the left. The framework is divided into three core sections covering governance, intelligence and infrastructure. Within these core sections Symantec has further identified what it believes are the five key security elements within each larger section.

Some of these are obvious, but if we are honest about it more than a few of them are not. Even within the more obvious elements, the real question to answer is: how strong are my security capabilities here? Our recommendation is to take the diagram and to do as deep - and as honest - a dive as possible in your own work environment, ensuring that you cover all 15 identified elements. You will no doubt be surprised at what you ultimately discover. /