With the advent of mobility in the enterprise, services can be provided to clients round the clock, increasing customer satisfaction and the level of service. It has improved the scope for innovation and agility in enterprises.
However, the increase in enterprise mobility services has exposed security risks in various ways. Cyber security is becoming a perennial business risk these days.
Let us glance through some of the risks involved and the strategies for enterprise mobile security:
- Diverse Environment of Operation: In this day and age, various functions are performed on diverse mobile devices running different platforms. Diversity, however, presents certain challenges that require specific strategies. Additionally, employees these days use multiple devices, which exposes data to higher risk. According to Forrester research, 53% of IT staff use 3 or more devices during their work and 95% of companies have allowed employees to use their own device for official work.
- Enterprises allowed BYOD (Bring Your Own Device) to promote IT consumerization. The one-user-one-device theory no longer holds water when the enterprise stretches into the world of mobility. This leads to a mix-up of personal and official data and to data loss. However, one can try out a few options to take care of this:
- Proper security measures and policies must be set and implemented at the organizational level to prevent it.
- Implementing a security intelligence platform through which one can integrate as well as disseminate all critical events related to mobility.
- Mobile device management (MDM): Before the device accesses the enterprise network, it needs to be checked for being jailbroken. Remote lock, mobile VPN, wipe, blacklisting of applications and encryption provide an advanced level of security.
- 24*7 connectivity breaching demographic barriers: As mobile devices enable one to be connected 24*7 from all locations, one tends to access unsecured networks, exposing oneself to the risk of data loss. During mobile communication, up to 71% use WiFi, and about 90% of public WiFi hotspots do not have adequate security measures. The options below could be considered to prevent it:
- Connectivity must be through a certificate-based network.
- Try utilizing per-app VPNs, which are capable of encrypting data in transit.
- One can deploy an email proxy that blocks unauthorized devices and applications.
- Loss and Theft of Mobile Devices: According to The Global State of Information Security® Survey 2015, there were 1.75 billion smartphone users worldwide. Smartphones and other portable mobile devices have a higher exposure to theft and loss. A survey conducted by PwC of 9700 business executives shows that the total number of security incidents detected surged to 42.8 million in 2014, which is a steep hike of 48% as compared to 28.9 million in 2013 and 24.9 million in 2012. This clearly shows the extent of data usage and the risks of data loss involved. One could consider the options below to prevent data loss due to theft:
- Password policies involving multilevel authentication could be enforced for devices and applications.
- For corporate applications, single sign-on could be enforced along with encryption of corporate apps.
- Device wipe, selective or full, could be used.
- Device compliance needs to be monitored so that compromised devices are blocked from accessing secured enterprise networks.
- Data Leak due to Unmanaged File Sharing and Risky Apps: Unmanaged file sharing is one of the major causes of data leakage, as most employees use mobile apps for both personal use and work. One can check out the options below in this context:
- Implementation of a mobile DLP policy (block the copy-and-paste option).
- Use “Open In” controls so that the file cannot be accessed by unauthorized apps.
- Work email and unstructured data stored in the company's content repositories (“SharePoint”) should be protected from unintended use or exposure.
- Monitor users' historical activity to identify or keep a check on any fraudulent activity.
- Risky or Malicious Applications: Mobile apps, however useful they might be, are easy targets for cyber-crime. As per Norton Mobile Insight, October 2014, an estimated 3 million malicious applications were detected in circulation, along with 8 million applications showing risky behaviors. This included: sending content 13%, information stealing 19%, reconfiguring the device 13%, user tracking 22%, and traditional threats 26%. These could be prevented by:
- Implementation of mobile threat protection that is managed centrally.
- It can blacklist malicious apps depending on their behavior.
- Mobile application management (MAM): Built on the theory of containerization. A mobile app's security and control, together with its data and settings, are treated as part of a container that can be managed centrally. Application-level policies such as encryption, authentication, network and location can be included.
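The MDM verification, device compliance monitoring and app blacklisting points above can be combined into a single access decision per device. The following is an added example, not code from the original article or from any MDM product; the posture fields, policy values, app identifiers and sample fleet are constructed assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical policy values for illustration; a real MDM defines its own.
BLACKLISTED_APPS = {"com.example.fileshare", "com.example.flashlight"}
MIN_PASSCODE_LENGTH = 6


@dataclass
class DevicePosture:
    device_id: str
    jailbroken: bool
    storage_encrypted: bool
    passcode_length: int
    installed_apps: set = field(default_factory=set)
    reported_lost: bool = False


def evaluate(device):
    """Return (action, reasons) for a device requesting enterprise access."""
    if device.reported_lost:
        return "wipe", ["reported lost or stolen"]
    reasons = []
    if device.jailbroken:
        reasons.append("jailbroken or rooted")
    if not device.storage_encrypted:
        reasons.append("storage not encrypted")
    if device.passcode_length < MIN_PASSCODE_LENGTH:
        reasons.append("passcode below policy minimum")
    banned = sorted(device.installed_apps & BLACKLISTED_APPS)
    if banned:
        reasons.append("blacklisted apps: " + ", ".join(banned))
    return ("block" if reasons else "allow"), reasons


# Constructed sample fleet, not real inventory data.
FLEET = [
    DevicePosture("phone-01", False, True, 8, {"com.example.mail"}),
    DevicePosture("tablet-02", True, True, 8),
    DevicePosture("phone-03", False, False, 4, {"com.example.fileshare"}),
    DevicePosture("phone-04", False, True, 8, reported_lost=True),
]


def report(fleet):
    """Map each device id to its access decision and the reasons for it."""
    return {d.device_id: evaluate(d) for d in fleet}


if __name__ == "__main__":
    for device_id, (action, reasons) in report(FLEET).items():
        print(device_id, action, "; ".join(reasons) or "compliant")
```

Returning the reasons alongside the action lets the help desk tell a user exactly what to remediate before access is restored.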
If today’s enterprise doesn’t have a couple of enterprise mobile applications, it will lose its competitive edge. However, porting desktop applications to mobile raises the security concerns discussed above.
Mobile applications are growing by leaps and bounds, and the security risks that come with them shouldn’t make enterprises shy away from enterprise mobility.