You’re an IT security professional and you think you’ve taken the steps to get your network secure. You feel confident — safe even — as you walk the corridors of your organization. Then across the office, you hear a sound — it’s faint at first. Then you hear it again, this time from the executives’ offices.
Now, you can’t escape it — it’s the sound of employees bringing their own mobile devices to work. Every “chirp,” “bing” and personalized ringtone represents a different device, operating on a different platform, accessing information and walking out the front door with it.
You can’t fight mobility. It’s here. Employees expect it, and in most cases, mobility brings with it increased productivity. But as an IT professional, you need to be preparing for the associated security risks.
The basic goal for creating mobile security in the face of the consumerization of IT should be to secure the accessible company data once it becomes local to the device. There are three steps you can take to stay ahead of risks: mobile device management (MDM), supplemental security and emerging security measures.
Step 1: Mobile Device Management (MDM)
MDM is the most basic thing you can do to protect your company, regardless of whether your employee has an iPhone, Android, BlackBerry or some other obscure platform for their mobile device. Be sure that any MDM solution you invest in can do the following:
Application management – you should be able to know and, if necessary, restrict what that device is downloading and running
Configuration management and resource control – you want control over what that device connects to, what it takes pictures of and its passwords
Detection of jailbroken or rooted devices – these devices are inherently riskier
Device recovery and loss mitigation – track it, lock it down, wipe it clean
Support and service management – quality tech support pays dividends in the long run
MDM is not enough on its own. Users need to assist with network security, too, by knowing your corporate mobile policies and following them.
Signed agreements acknowledging that employees understand their rights, their responsibilities and the company’s rights are crucial. Still, MDM and policy together won’t keep all threats out, and this is where supplemental security measures step in.
Step 2: Supplemental Security
Even if your employees aren’t going to be doing anything other than checking email with their mobile devices, you’ll want to consider more than just securing your access. You will want to have some additional data protection on hand in the fight for mobile device security. This effectively means that you should control what data can make its way onto mobile devices in the first place.
And, while mobile malware hasn’t historically been much of a concern, times are changing. With mobile devices overtaking desktop computers in popularity, mobile attacks are anticipated to increase. So, in addition to the data security controls noted above, you need to be considering web and application security with the latest real-time threat intelligence to stay ahead of the curve.
Step 3: Emerging Security Measures
There are also some emerging security measures to consider:
Application and desktop virtualization – With view-only access and desktop virtualization solutions, you never allow sensitive data to leave the data center in the first place.
Self-defending apps – Organizations that have this luxury can design applications that incorporate encryption and key management functionality from the start. These apps are inherently more secure as they rely less on native platform features and data storage locations for protection.
Agent vs. cloud – Deploy one for your supplemental threat and data protection capabilities.
Sandboxing – Create an isolated zone on the mobile device where users can work with enterprise resources.
Create an always-on VPN – Route all data traffic back to headquarters or the cloud via an encrypted tunnel.
Are you ready to smash all those mobile devices into tiny bits to ensure your network and data remain safe? Take a step back. Security in the world of mobile devices really just requires a little extra vigilance in the end. Soon you’ll be walking the corridors with your head held high again, confident in your organization’s mobile security.