Browser Security 'Critical' to Mobile Protection, Says Forrester
Security professionals should keep an eye on browser application technologies if they want to ensure that mobile devices used in the enterprise are secure, according to a Forrester analyst.
Fri, March 18, 2011
Computerworld UK — Security professionals should keep an eye on browser application technologies if they want to ensure that mobile devices used in the enterprise are secure, according to a Forrester analyst.
"Mobile devices coming in [the business] use mobile browsers or embedded browsers inside the native app, so browser security is going to be critical," Chenxi Wang, principal analyst at Forrester Research (FORR), told the Forrester Security Forum in London yesterday.
She added: "You have to demand vendors give you secure software." Wang was speaking about how security professionals can support the technologies that 'empower' employees, namely social media, mobile, cloud and multimedia.
One of the biggest shifts for IT security, she said, was the "explosion" of endpoints, as employees bring more of their own personal mobile devices to work. She urged IT to start automating the management of these endpoints, integrating it with desktop management.
"Put endpoint management on your near-term to do list. You need to manage mobile devices and you can't do this one device at a time," said Wang.
"So if you have more than 50 mobile devices, it is time to think about bringing a mobile device management system that would give you the scale and automation you would need to support them, as you did with desktops."
Information security professionals also need to classify data as the boundaries of the enterprise are extended - for example, as employees are more mobile, and as more cloud services are used.
"If you are going to put data in the cloud you need to understand what data can and can't be put into the cloud, or what data the mobile devices can access. You just have to separate out the critical data," she said.
Wang reminded security professionals about their responsibilities to the business, that is, is to tell the business what the security risks are, not the other way round.