CSO's 2015 Mobile Security Survival Guide
We’ve assembled this most recent Mobile Survival Guide, which includes links to some of our most important and informative mobile security articles.
Security risks and data breaches are growing while the form factors of computing devices shrink—because much enterprise data today is created and consumed on mobile devices. This clearly explains why mobile security persistently tops the list of most pressing enterprise security concerns.
Currently, most of the mobile security in place is in the form of Mobile Device Management (MDM) tools that provide such capabilities as device asset management, secure browsing, application whitelisting, data loss prevention, mobile VPN, app-level VPN and many more. Most CISOs, CIOs, and security analysts I’ve spoken to conclude that while MDM isn’t an adequate mobile security answer, it’s currently an important part of the mobile defense toolkit, especially in larger enterprises. And, as is often the case with enterprise data security, there are never any easy answers.
Fortunately, the shift to mobile doesn’t mean a shift in mindset for security professionals. In fact, the shift to mobile doesn’t change much of anything at a high level when protecting data and applications. In actuality, all of the same security practices are needed on mobile devices as they always have been on notebooks and desktops and any other computing form factor: user authentication and authorization, encryption, enforcing security policies, and everything else that comes with keeping data secure.
To help you keep your enterprise mobile app access and data secure, we’ve assembled this most recent Mobile Survival Guide, which includes links to some of our most important and informative mobile security articles, as well as five of the core mobile security tenets you should keep in mind when securing enterprise mobile devices.
First: Give users access to devices that can be secured and securely managed.
Look for smartphones and tablets that come with inherent security controls. This includes the ability to find misplaced or stolen phones, wipe data from the devices, and hold device configurations to a consistent standard. Take a good look at how you can secure Android, Apple, BlackBerry, Microsoft, and other mobile platforms within your organization.
Second: Focus more on securing data and apps than securing devices.
Look for ways to secure data and access to specific apps rather than protecting the devices themselves. The applications and the devices can be restored and replaced. However, a data breach can’t be undone. Look for ways to manage mobile data, remotely wipe them, and compartmentalize them from the user’s personal data. And, just as you would on desktops and notebooks, look for ways to protect data from accidental leakage.
Third: Look for ways to segment user apps and data from enterprise apps and data.
One increasingly common way to do this today is to segment the enterprise portion of mobile devices from personal apps and data. Because data can be created and stored nearly anywhere on a mobile device, data classification is nearly impossible. If apps and data are segmented, enterprise data can be wiped without destroying personal data, and if users fall for a phishing attempt or go to unsecured websites on their personal device segment, enterprise data aren’t placed at direct and great risk. The enterprise portion of the device can be fully managed.
Fourth: Keep security engaged early and often.
As the enterprise decides what apps, data, and devices will be used within the enterprise, security needs to have a say in the decision making. New apps need to be designed and built securely. Different rules need to be established for different users, with some groups requiring tighter security and others less so.
Fifth: Watch those cloud apps.
When business units and users want to use a new cloud-based app, platform, or other service, it needs to be assessed for potential risks. Users want to use a new cloud service for the enterprise portion of their devices, but those services should be properly vetted to make certain that they meet the security levels necessary.
None of this is simple or straightforward. New mobile devices with more powerful features, more storage, and greater capabilities are hitting the market every week—and workers are going to want to use them to do their job. With that in mind, we’ve assembled a number of the best articles we’ve written on mobile security.
The threats against mobile devices are growing steadily. Just last week, criminals were uncovered conducting highly-targeted attacks against specific iPhone and Android users. Malware is getting better and attackers are targeting mobile more because that’s where the data reside. Here’s an overview of the types of mobile threats enterprises face:
Given the recent iOS update and iPhone announcement, Lacoon Mobile Security has released the top threats to your iOS devices that you should be aware of.
Toward the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that its engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the US.
Design quirks allow malware to be installed on iOS devices and cookies to be plucked from Facebook and Gmail apps.
HOW TO PROTECT MOBILE DATA
There are more data floating around on more devices than ever—and there’s no putting the genie back in the data center. Here’s how to protect that data:
When you travel, a whole fleet of electronics comes with you. Smartphone and laptop are a given, but there’s a good chance you’re also toting a tablet, and maybe a cellular hotspot or dedicated GPS.
When connecting to an enterprise-secured network with Android devices, users are prompted with many settings that could be confusing. When connecting with iOS devices—an iPad, iPhone, or iPod Touch—users typically are only prompted for their username and password. They can’t edit the advanced 802.1X settings on the device, but there are ways to get around this.
Why are legislators considering going to Congress for access to our cell phones? What has changed recently to motivate these demands for legislative changes?
While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security.
Mobile device management (MDM) helps bring a level of security to employee devices—but it's not the whole answer.
Confidential company data can make their way onto mobile devices, where they’re no longer under the protection of your toughest network defenses. Does that make your data vulnerable? To find out, review some strategies for preventing data loss on mobile devices.
Building Sustainable Mobile Security Policy
The key to securing mobile devices and data is having good policy consistently enforced through technology:
Frustrated employees will figure out how to get around disruptive and clunky security procedures. Here’s how three organizations created secure and seamless mobile experiences for end users.
These seven tips will help you secure your mobile environment without placing a burden on your workforce.
Your workers' smartphones could be the weakest link in your security plan. Here's how to protect the devices and secure the data.
Mobile is the new endpoint in IT. But organizations are still struggling with mobile security. Aaron Rhodes of Neohapsis lists five steps to take when developing a corporate mobile security policy.