What are the most significant mobile security challenges for enterprise security professionals?
Mobile has become a flashpoint between security and IT professionals and lines of business. In the pursuit of increased productivity and convenience, BYOD and increasingly BYO App, are the new norm, whether security and IT departments admit it or not. While not intentionally malicious, this employee behavior puts the enterprise at risk, particularly for unintentional data loss on mobile devices. IT and security professionals need to determine how best to bridge this divide, crafting policies and applying technologies to appropriately manage risk while enabling the business.
One of the leading considerations for enterprise security professionals within mobile is protecting the data inside 3rd party applications that they did not develop, and controlling what those applications do with the corporate data. Itís crucial to understand and control what the apps are doing with the data, where they are storing the data and where they are sending the data, as well as what individual users have permission to do with that data.
You canít secure what you canít see. Thanks to mobile, a lot of corporate data is now outside the four walls of the company. But most companies donít know how employees are using the data and where the data, particularly sensitive data, is throughout the mobile ecosystem. IT monitors network traffic, servers and desktops and as a result, they have a pretty good sense of the risk each of these possesses. However unlike the case of a lost back up tape, where IT knows the true extent of the risk or exposure, in the event of a lost phone or tablet, many companies just donít know what data is actually on the device. As a result, the potential ramifications of lost mobile devices canít be fully assessed.
Understanding how the individual is using the data on their device is essential to successfully protecting data in the mobile world. There is no substitute for reaching out to peers and communicating with users to determine patterns of use. New mobile data visibility tools are also available to provide on-going insights into the most current usage patterns, allowing IT to tailor policies and controls to ensure security. Only then, will IT be able to know give a positive user experience while securing corporate data.
How is BYOD shaping the enterprise mobile security landscape? Some think using a VPN solves most problems, would you agree?
BYOD is changing the mobile security landscape by shifting the control from IT into the userís hand. Adding a device that IT doesnít have 100 percent control over to the network exaggerates the problem. BYOD has changed how we look at mobile security much the way that the cloud has changed the way that we look at enterprise network security. BYOD has forced us to find new ways of securing corporate data. Instead of focusing on securing the device, we now have to look at which data needs to be protected while also considering user experience and user productivity. This fundamental change in mobile security shifts us away from limited containers that only fit enterprise needs toward solutions that fit both enterprise and use needs. About 2/3 of companies report putting enterprise needs above the user needs. As a result, users simply ignore security policies and simply chose to ďgo aroundĒ IT.