Without question, mobility is mainstream. So you’d think enterprises have a good grip on the best practices for mobile security and there’s no need for a big budget increase this year, right? Wrong.
Mobile security spending is sharply on the rise. Computerworld’s Forecast 2015 predicts a 46% increase in spending on security –- including mobile security. That tops the list of IT spending priorities. High-profile security breaches at major retailers and many other companies, as well as the explosion of mobile technologies, are behind the spending surge, writes Stacy Collett in Computerworld.
And consider these eye-opening numbers: Every minute, 113 cell phones are lost or stolen in the US, while 12,000 laptops are lost each week in airports alone. Even with copious amounts of user education as to the best methods for avoiding loss and theft, devices will inevitably disappear.
Faced with these facts, it’s clear your mobile security strategy must be much more than an afterthought. To make sure your strategy meets the needs of both your users and your business, you should review it regularly. Here are some key things that should be part of it:
1) Prevent high-value data from ever getting onto mobile devices in the first place by storing it centrally. There are different ways of doing this including a desktop virtualization strategy.
2) Use containerization to mobilize sensitive data securely. The security of the hardware, operating system and individual applications is supplemented and extended by the security measures of the container. These measures include encrypted storage, app-to-app data control and data wipe policies.
3) Implement mobile device management (MDM) and mobile application management (MAM) technologies and make sure account lockout and remote wipe are implemented. You want to make sure you have the ability to either do a full wipe for corporate-owned devices or a partial wipe for employee-owned devices. However, it’s important to remember that BYOD devices may present security challenges that MDM and MAM may not address.
4) Because enterprise collaboration is critical, implement secure file sharing technology that stores, encrypts and enables control over large files that people must share. The best way to do this, once again, is through containerization, which enables you to control encryption, the apps that may be used and how data may be moved.
5) Educate your users. Make sure they understand how to keep their mobile devices updated. Make sure they understand the dangers posed by questionable applications and how to avoid them. And make sure they understand the dangers of jailbreaking a device. It can make their device susceptible to malware potentially exposing their own data as well as corporate data to theft.
6) Don’t forget the network as part of your security strategy. The network is core to delivering mobility, yet often is forgotten about as part of a broader secure mobility strategy. Make sure you protect your network with technologies that assume the network is under surveillance and untrusted, such as Endpoint Inspection, Micro VPN, Geofencing, Single Sign-On (SSO) and encryption.
Different companies have different security priorities, but this list applies to most organizations. Do you have any additional items on your security to-do list that you’d recommend?