As a consumer watching from afar, the announcement of new smartphones and other mobile devices coming out of the annual Mobile World Congress in Barcelona fills me with excitement. After all, who can fail to be impressed by the sophistication and capabilities of the newest gadgets and technology unveiled at this world-leading show?

But as a security expert I have a sense of foreboding about what all these new devices mean to the poor hard-pressed Chief Security Officer (CSO) in governments and businesses worldwide.

The world of the security team was relatively easy in days gone by, when most people used desk-bound PCs and mobile phones were something you needed to go bodybuilding to be able to carry. In those days cybercriminals were often just geeky teenagers trying to show off to their mates rather than the well-resourced and highly sophisticated criminal gangs of today.

As the transition away from relatively easy-to-manage corporate laptops and desk-bound computers to personal tablets and smartphones gathers pace, it’s no surprise that hackers are choosing these mobile devices as their next target. It makes economic sense and they are simply ‘following the mobile money’.

The issue with employee-owned mobile devices is that they access corporate resources outside of the control of the corporate IT team. So it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, and the operating systems and applications.

In addition, mobile malware is growing, which further increases risk. Research from Cisco indicates that 99% of malicious attacks on mobiles in 2013 occurred on devices running Google's Android operating system.
Given the lack of even basic visibility, most IT security teams certainly don’t have the capability to identify potential threats from these devices.

But banning mobile devices outright from the corporate environment is neither desirable nor practical. After all, they bring all kinds of benefits to the company. But the security team needs to begin to gain the information security advantage and must be able to see everything in their environment. Only with visibility can they understand whether a device is a risk and then protect against it.

For most enterprises, the right solution is to implement Bring Your Own Device (BYOD) policies that clearly define the proper use of employee-owned devices in the enterprise.

In order to maintain control of the network:

First, identify technologies that provide visibility into everything on the network – devices, operating systems, applications, users, network behaviours, files as well as threats and vulnerabilities. With this baseline of information they can track mobile device usage and applications and identify potential security policy violations.

Second, enterprises should leverage technologies that help apply security intelligence to data so that they can better understand risk. From there, it’s possible to evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets.

Third, identify agile technologies that allow the company to adapt quickly and take action to protect systems in rapidly changing mobile environments. Enterprises need to create and enforce policies that regulate what data can be transmitted to BYOD users.

For employee-owned devices it may be useful to lock down your organisation’s network or computers (laptops, desktops, servers) with capabilities like application control.
Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their tablet while travelling. While they may not be able to limit the installation of an application on the device, they can prevent it from running on corporate-owned computers.

At the end of the day, security of mobile devices is ultimately a question of three phases:

Before – establishing control over how mobile devices are used and what data they can access or carry

During – visibility and intelligence are vital if security professionals are to identify the threats and risky devices and monitor their activities on the corporate network

After – when the inevitable happens and the network is compromised by a threat, this is the ability to retrospectively review how that threat entered the network, which systems it interacted with and what files and applications were run, to ensure it can be cleaned up as quickly as possible.

There’s no doubt that adoption of mobile devices in the workplace presents a challenge that is as much a question of policy and control as it is of technology alone. However, while the trends in mobile devices might change in styles and brands, they won’t be going away anytime soon. So in an increasingly mobile enterprise, where BYOD is the norm, organizations need an increased level of IT security to cope.