Tips for Enterprise Mobility Security from Mantralogix
Recently, Dell released an infographic about mounting security concerns around the Bring Your Own Device (BYOD) movement. This infographic highlights the dissonance between how the IT world is moving fast towards BYOD in their enterprises, yet the security and data protection aspect has been lagging. Companies need to find tools that will allow mobile workers to truly embrace BYOD with secure access to the critical business data they need at any time, in any place and specifically on their own devices.
From the above-mentioned infographic the top 5 concerns for mobile security are:
1. Lost or stolen devices – 78%
2. Users forwarding corporate information to cloud-based storage services – 36%
3. Mobile malware on applications from public app stores – 34%
4. Penetration of corporate Wi-Fi networks – 32%
5. Security at public hotspots – 26%
We’re at the point now where company data is undoubtedly going to be spread out on personal devices within your company. The next step is to figure out the safest way to protect that data. According to this survey, encryption could be the easiest and best way to ensure that the company data on personal devices is kept secure. By 2015, 10% of IT security enterprise product capabilities will be delivered in the cloud, and by 2016 cloud-based security services marked will be valued at 4.2 billion.
The endless possibilities of the BYOD rush shouldn’t be held back by the fear of data security. With it becoming such a large part of our working worlds, confidence in these tools is paramount, and truthfully, there does not seem to be a way around it. Is the answer a company-specific data security app (that so many companies seem to be going towards these days), or maybe virtualization and secure redisplay technologies? According to this article,
“This day is coming soon when you’ll be able keep all of your valuable data and apps running in the back end IT systems of the enterprise, instead of on a smartphone or tablet, with the ability to replicate a mirror image of these key assets/tools onto the device itself.”
With virtualization, IT admins will be able to better regulate user access to company data “within specific geographical endpoints (geofencing)”. Meanwhile as we are waiting for these different approaches to take form, here are some tips for enterprise mobility security from Mantralogix (including some control objective tips) for you to try out:
1. Enforce strong password practices to protect from unauthorized use of the device. This includes: resisting repeated characters, enforcing minimum and maximum characters for passwords, setting an auto-lock feature on devices and allowing a grace period for device lock with a time span of 1 minute. Another good tip is to implement a “maximum failed password attempt” control that limits the amount of times one can attempt to access an account.
2. Network segregation is a great way to control access to company systems through BYOD. Creating a guest network will limit the risk of access to the internal network.
3. Application security: ensure that the applications being used are of high quality and from a reputable source. Avoid use of all untrusted applications. To ensure this, make sure that all apps being used are downloaded from an app store where applications are tested and then placed on the server. Create a black and white list of apps to make this easier for your employees to follow.
4. Maintain logs to help monitor any unauthorized activities.
And finally, don’t forget:
5. Do a periodic audit! Audits are best done at a minimum of twice a year to ensure that the controls you have put in place are working accordingly.