Security compliance often varies from organisation to organisation due to varied industry regulation as well as internal security policies and procedures. We often see organisations attempt to repurpose security frameworks from the PC world and apply them to mobile. Mobile is fundamentally different than other enterprise technology and therefore requires a revised approach to security policies and countermeasures.
Security compliance in the mobile era
Retail breaches of consumer payment data continue to occur. But those organizations that embrace mobile now have a way to automatically mitigate these threats. In mobile, retailers can leverage enterprise mobility management (EMM) to identify threats and automatically take action to mitigate a breach. EMM enables organizations to isolate a hacked device by blocking it on the network or even wiping the device to remove its data.
Adapting security for real-time mobile data access
To adapt security compliance to mobile, organisations must first understand the threats unique to mobile apps, content and devices. The top four mobile threats are:
- Malicious and risky apps
- Jailbroken (iOS) or Rooted (Android) devices (the acquisition of complete administrator rights on the device)
- User data loss (Intentional or Accidental)
- Unprotected networks.
Risky apps are those free or paid apps we use every day in our personal lives and even at work. Enterprises are quickly realizing that many of these apps (about 81% according to Appthority) may have risky behaviors that collect PII and share GPS, location, email address, or even contact lists with adware sites and other suspicious sources. App Risk Management and App Reputation Services provide a way to understand the risk of the more than 2.5 million apps so organizations can make educated decisions about risk.
Jailbroken or rooted devices present a huge risk to corporate data because, once a device is hacked, the mobile operating system is compromised. Prompt detection and mitigation are key. EMM allows detection to happen both online and offline, so that corporate data can be wiped from the device to mitigate data loss.
The corporate perimeter has become blurred with the introduction of mobile. Combine this with an excess of ways to share data, and you have a huge threat of business data loss. Fortunately, an EMM solution offers a variety of controls over this data sharing at the device level or the app level, through secure access to and protection of the corporate data.
As long as users travel and connect to unsecured, open WiFi networks, we’ll have hijacking threats allowing interception of sensitive data. Fortunately, with user or device certificates, organisations can leverage per-App VPN connections and end-to-end session trust to protect data-in-motion and ensure that users’ data is not hijacked.
Be proactive, be prepared
Mobile enables security through its many inherent security controls, and organisations are increasingly adding EMM for additional security and management capabilities. When applying IT security controls to mobile, it’s important to first understand the fundamental differences between mobile and the legacy PC world. The majority of these controls can be provided natively by EMM, and APIs already exist to integrate with existing security infrastructures. No company wants to be the next breach headline, so it’s always important to incorporate both proactive and reactive security controls. Being prepared will allow an organisation not only to achieve compliance, but also to minimise the threat of a data breach.
To truly understand what you need to know about your own systems and defences, you can also learn more at London’s Cyber Security EXPO, co-located with IP EXPO Europe, taking place in October 2014.