Four steps to developing a secure mobile enterprise
Mary Forlenza 270001BN8C MARYF@US.IBM.COM | | Tags:  mobile_security mobile_enterprise mobile mobile_applications
0 Comments | 5,427 Visits
Guest post by Darren Argyle, IBM Worldwide Security Solutions Leader.
What if I told you that there is no such thing as mobile security? Well its true, there isn’t; there’s only risk reduction. But how you go about reducing the risks in your mobile enterprise requires an approach that places security at the very heart of your overall strategy. With so many organizations having mobile enterprise deployments underway, one would hope that security had been a key consideration and that the risks are being managed properly. So has it?
In 2012 we saw a significant rise in mobile deployment projects. At the beginning of the year most organizations I talked to were taking a cautious approach to enterprise-wide mobile deployments, in particular bring-your-own-device (BYOD). While increasing workforce efficiency and productivity are two of the top drivers for adopting mobile initiatives like BYOD, security remains a barrier to adoption. But this cautious approach based on security concerns has been evolving. While speaking at conferences last year, I would ask attendees, “How many of you have your own device, are allowed to use it at work, and can access some business applications?” At the start of the year, about 30% raised their hands, mid-year about 50% and, near year end, close to 80% raised their hands.
So, despite concerns about security, it’s clear many organizations have taken a leap of faith, often due to sustained pressure from the c-suite executive team, demanding that their new smart phone or tablet be enabled for use at work, especially when they are traveling. This is not the ideal group of people you’d want to run your pilot with, but their demands are not easily ignored, and so these were some of our early adopters. Typically these BYOD pilot projects first enabled access to be granted to email, both corporate and personal, then some business apps, with the key objective being to allow both a personal and business experience in a single form factor in the workplace. Many of these first pilots have now extended access to additional business capabilities for a much wider population of their end users. Mobile device management software has become the de facto solution to control an employee’s device – but, on its own, does that make it secure and does it prioritize a flexible user experience?
Increasing flexibility while reducing risk
With employees increasingly choosing their mobile devices as the primary productivity tool and form factor for the workplace, this presents a real challenge for IT departments. How can they regain control and maintain policies? As one chief information security officer (CISO) for a global enterprise put it to me, “It’s like closing the stable door after the horse has already bolted.” Employees want to keep this flexibility, access increasingly more information to serve themselves and their customers/partners better, and they want to do this anytime and from anywhere. So how do you allow greater flexibility, while at the same time reduce risk to the business?
Fundamentally, it always comes back to a basic information security management principle of protecting the data wherever it flows, in use, at rest or in motion over networks and infrastructure. Applying good old-fashioned security practices and standards is important for the protection of data. You can extend much of what you already apply today for existing endpoints, for example, PCs, servers and laptops, but consider what is different and specific to a mobile device. Security enforcement points on the device, at the network and in the mobile app are required to provide a layered approach to risk reduction.
Consider these four steps to achieving a secure mobile enterprise:
A “secure” mobile enterprise provides the opportunity for business to innovate with confidence, be more agile, get closer to its customers and be faster to market. Read more about the four steps for mobile security and the latest mobile threat landscape in this white paper. Also, please engage with me directly for further discussion on twitter @D_Argyle.