Over the past twenty-five years, the span of a single human generation, we have transformed our communication and workplace behaviors. Complex activities that once may have taken weeks to finish can now be completed within minutes.
Unfortunately, our most advanced smartphones and tablets – and the data we create and share on these tools – are highly vulnerable to cyber attacks. According to recent reports, black-hat hackers are increasing their attacks on mobile devices. This threat is garnering international attention.
“Political leaders around the world, including President Obama,” writes Juniper Networks CEO Kevin Johnson, “have begun calling for a greater focus on [mobile security]… A typical security breach costs a business more than a half a million dollars to address in terms of cash outlays, business disruption, and revenue losses….” Fortunately, most IT security teams are developing strategies to eradicate this threat.
Building a Mobile IT Security Strategy
For most organizations, “the challenge,” writes IT security specialist Mark Bouchard, “is [understanding] how to enable productivity and mitigate the threats, vulnerabilities, and risks in a way that strikes the best balance and the lowest total costs.”
In a whitepaper authored for Websense, Bouchard – founder of the IT research and analysis company AimPoint Group – details a three-tier plan that secures the two critical points: corporate data and mobile devices.
- Tier One: Running established mobile-device management (MDM) applications. These apps have helped Tommy Hilfiger protect its business assets. MDM apps can quickly recover data from lost or stolen mobile devices as well as track and locate a missing device. Apple’s Find My iPhone app is one of the best. But these are not the be-all-end-all solution: This software is only the first line of defense. And be wary: Forrester analyst Christian Kane was quoted as saying “MDM technology is still immature…”
- Tier Two: Using encrypted data tunnels, DLP technology, and user-authentication systems. Shielding data from hackers has proven an effective technique. What’s the risk of not running these shields? Ever hear of sidejacking? It’s a popular tactic that hackers use; it enables them to quickly tap into a mobile device and access data transmitted via a Wi-Fi hotspot.
- Tier Three: Relying on server-hosted virtualizations, enterprise sandboxes, and always-on-VPN. Sandboxing, touted by Savid Technologies CEO Michael A. Davis, supports data encryption and provides enough security to protect high-level communications, such as those President Obama sends on his mobile phone. Virtualizations work well with native mobile apps.
Implementing the Plan
But a sound IT security strategy is only the beginning. Organizations need to police their IT environment and educate mobile users. The first step is standard practice; the second is frequently overlooked or, many times, poorly implemented – and is often the cause of much cybercrime.
When mobile users don’t understand usage policies, or worse, when these policies are inflexible to the point of interfering with productivity, users will most likely ignore the rules. And when they do, they are not simply making themselves vulnerable to attack: They are potentially putting an entire network at risk. How?
Most IT attacks result from user actions. To prevent cyber attacks, users need to change their patterns of mobile behavior. To help them, organizations can offer programs in self-directed education and group training; they can also develop clearly defined mobile-security policies and run top-level mobile IT security apps. These measures can help prevent cyber attacks. In the struggle to stop unauthorized users from gaining access to critical networks – and extracting and exploiting crucial business information – IT executives must use every option available to them to persuade their organization’s mobile users to both follow standardized policies and act vigilantly in protecting their data and guarding their devices.
Is your company implementing any of the strategic tiers that Bouchard suggests? Does it have clearly defined mobile usage policies? Does it offer user education? Does the organization’s culture continuously promote adherence to these policies?
This post was originally published by the author on SAP’s Business Innovation blog.