By Stewart Cawthray
Security is a balancing act, especially when it comes to emerging technologies. Embracing mobility requires an enterprise to adapt its security posture or be exposed to unmanaged risk.
By Stewart Cawthray
Mobile solutions are rapidly becoming a top business priority. Businesses are seizing the benefits mobile presents, while security organizations are scrambling to control the enterprise’s mobile-related activities and manage the inherent risks. Going mobile requires a strategic perspective.
The importance of defining a security strategy for mobile carries great urgency. Recent reports indicate that 51 per cent of companies have experienced data loss due to insecure mobile devices. The average cost of a breach was a hefty $5.5 million.
An enterprise mobile risk management strategy is not easy to define. It’s best to concentrate on three focus areas for mobile security:
1. BYOD: “Bring Your Own Device” has become a defining characteristic of mobile adoption in the enterprise. BYOD policies should reflect the enterprise’s risk appetite based on its industry, regulations and culture. Policies can determine the degree of device choice and which employees participate. Before it can enforce its BYOD policies, an enterprise needs to gain visibility and control over these new devices.
2. Protected Access: Mobile devices empower employees to access relevant information whenever they need it. Users will frequently need access to enterprise data and resources. The enterprise must not only establish secure connectivity channels, but also manage risk associated with user authentication and authorization. Special care is needed to prevent unauthorized access and reduce risky behaviours. Protecting mobile access provides security teams another lever to gain awareness over their mobile audiences.
3. Secure Mobile Solutions: Apps have emerged as the primary interface for delivering mobile solutions. Apps enable the rich user experience that mobile consumers demand. Security design needs to be incorporated in each step of the software development lifecycle. Mobile app developers need tools and processes that help them incorporate the enterprise’s security standards and best practices. The enterprise must enforce a baseline of security standards across the mobile solutions it develops.
Mobile is a transformational technology giving individuals unprecedented freedom and flexibility. Enterprises cannot afford to ignore this opportunity, but at the same time can’t put their organization, clients and employees at risk in a rush to embrace this technology. By focusing on BYOD, protecting access, and securing mobile solutions, enterprises can balance the risks and gain tremendous rewards.
Stewart Cawthray is the Chief Security Architect with IBM Security Services in Canada.