Securing Mobile Devices: Protecting Data While Enabling Productivity

How did previous generations ever get anything accomplished?

Over the past twenty-five years, the span of a single human generation, we have transformed our communication and workplace behaviors. Complex activities that once may have taken weeks to finish can now be completed within minutes.

Unfortunately, our most advanced smartphones and tablets – and the data we create and share on these tools – are highly vulnerable to cyber attacks. According to recent reports, black-hat hackers are increasing their attacks on mobile devices. This threat is garnering international attention.

“Political leaders around the world, including President Obama,” writes Juniper Networks CEO Kevin Johnson, “have begun calling for a greater focus on [mobile security]… A typical security breach costs a business more than a half a million dollars to address in terms of cash outlays, business disruption, and revenue losses….” Fortunately, most IT security teams are developing strategies to eradicate this threat.

Building a Mobile IT Security Strategy

For most organizations, “the challenge,” writes IT security specialist Mark Bouchard, “is [understanding] how to enable productivity and mitigate the threats, vulnerabilities, and risks in a way that strikes the best balance and the lowest total costs.”

In a whitepaper authored for Websense, Bouchard – founder of the IT research and analysis company AimPoint Group – details a three-tier plan that secures the two critical points: corporate data and mobile devices.

  • Tier Two: Using encrypted data tunnels, DLP technology, and user-authentication systems. Shielding data from hackers has proven an effective technique. What’s the risk of not running these shields? Ever hear of sidejacking? It’s a popular tactic that hackers use; it enables them to quickly tap into a mobile device and access data transmitted via a Wi-Fi hotspot.
  • Tier Three: Relying on server-hosted virtualizations, enterprise sandboxes, and always-on-VPN. Sandboxing, touted by Savid Technologies CEO Michael A. Davis, supports data encryption and provides enough security to protect high-level communications, such as those President Obama sends on his mobile phone. Virtualizations work well with native mobile apps.

Implementing the Plan

But a sound IT security strategy is only the beginning. Organizations need to police their IT environment and educate mobile users. The first step is standard practice; the second is frequently overlooked or, in many cases, poorly implemented, and it is often the cause of much cybercrime.

When mobile users don’t understand usage policies, or worse, when these policies are inflexible to the point of interfering with productivity, users will most likely ignore the rules. And when they do, they are not simply making themselves vulnerable to attack: They are potentially putting an entire network at risk. How?

Most IT attacks result from user actions. To prevent cyber attacks, users need to change their patterns of mobile behavior. To help them, organizations can offer programs in self-directed education and group training; they can also develop clearly defined mobile-security policies and run top-level mobile IT security apps. These measures can help prevent cyber attacks. In the struggle to stop unauthorized users from gaining access to critical networks – and extracting and exploiting crucial business information – IT executives must use every option available to them to persuade their organization’s mobile users to both follow standardized policies and act vigilantly in protecting their data and guarding their devices.

Is your company implementing any of the strategic tiers that Bouchard suggests? Does it have clearly defined mobile usage policies? Does it offer user education? Does the organization’s culture continuously promote adherence to these policies?

http://blogs.sap.com/innovation