Business mobility is sitting high up the priority list for CIOs in 2019. New research shows 64 percent of enterprises rank improving mobility and mobile security as a top priority. They see mobile access as key to improving employee talent, internal communication, making decisions faster and cutting costs. Mobility, however, comes with challenges. Top of that list is security.
Data leak prevention
Intrusion detection and prevention
Managing access to data
Preventing data loss when devices are lost
The concerns of IT leaders are easily justified. 82% of those surveyed said mobile devices can access most of their corporate data. As more enterprises introduce bring-your-own-device policies, more data will be put at risk.
88% of Android devices are vulnerable
University of Cambridge computer scientists recently found that the infrequent release and user reluctance of security updates for Android devices has left 88 percent of them vulnerable to at least one of 11 critical security flaws.
Apple is not in the clear either. The nature of iOS makes it hard for the same analysis to be done on iPhones and iPads, but the researchers said they expected the same level of vulnerability in the Apple ecosystem.
The sources of the danger
An employee downloads something infected with malware or connects to an unsecured WiFi network. The routes to compromise are many and easy to conceive. Once the malware is installed, it begins hunting for or capturing corporate data using the device’s access.
The greatest concern in these scenarios is the general lack of visibility that IT administrators have into potential mobile security issues. Most malware cases go unnoticed until it is too late.
Given that the growth in mobile usage is unstoppable (desirable, in fact), mitigation of risk is the only remaining approach.
A separate network for BYOD devices gives you a checkpoint to make sure personal devices and mobile apps are validated. A master security policy can set out exactly what information mobile devices can access. Secure mobile access solutions with context-aware authentication, network access controls and a virtual private network help keep access to only authorized users and mobile apps located on validated devices.
If you develop and deploy your own enterprise apps, put them through a security vetting process
Treat mobiles like laptops permanently connected to a network outside your control
Know what applications your staff use to access your data
Where possible, encrypt data at both ends of the transaction
Protect data first and the device second. (Your mobile data management system should allow you to wipe a device remotely. Losing data on a server is a far bigger headache — loss of business, furious customers, lawsuits…)