White Paper. Data Security. The Top Threat Facing Enterprises Today


CONTENTS
Introduction
Vulnerabilities of Mobile Devices
Alarming State of Mobile Insecurity
Security Best Practices
What if a Device is Lost or Stolen?
Further Recommendations
Mobile Device Management (MDM)
Mobile Application Management (MAM)
Dual Persona Approach
Looking Forward
About JourneyApps

Data Security: The Top Threat Facing Enterprises Today

Mobile devices are ubiquitous and are enabling enterprises to be more productive and efficient than ever before. But they also pose a great threat to the data security of companies, as devices have access to sensitive information such as business plans, intellectual property and personal information. The threat to data security is growing daily, and enterprises have reason to be concerned.

According to a recent IDG Enterprise survey, security is currently the top mobility challenge facing enterprises. A whopping 63% of enterprises surveyed listed security as their biggest current concern. The top challenges with regard to ensuring and maintaining security of mobile data are:

- Data leak prevention (52%)
- Intrusion detection/prevention (48%)
- Managing access to data (48%)
- Preventing data loss due to lost mobile devices (47%)

With so many threats to mobile security, it is understandable why a great many companies have been affected by data breaches. In a report commissioned by the security firm Lookout, almost three-quarters (74%) of the major firms surveyed said that they had suffered a mobile breach. Unsurprisingly, the ability to meet security requirements is now a critical factor when evaluating possible mobile vendors.

The Lookout study was based on a survey of 100 IT leaders and IT security executives at companies from a range of industries with an average of 23,000 employees. An important point raised in the results was that companies often don't discover security vulnerabilities until it is too late. One of the respondents, an IT leader of a mid-level professional services organization, tells of how they only discovered a breach more than a month after it had occurred. It initially appeared as if someone was leaking sensitive data, but eventually malware was discovered on a company-owned mobile device used by one of their executives.

According to the IT leader mentioned above, they are still going through the due diligence process to determine the particulars around how the malware ended up on this device. "However, it definitely opened our eyes to the dangers of allowing users to access data from their mobile devices."

Vulnerabilities of Mobile Devices

According to the Lookout report, the most common issues encountered by companies in the past were:

- Mobile apps that contained security vulnerabilities
- Apps containing malware
- Unsecured Wi-Fi connections

The installation of malware is a common cause of data breaches, and phones are now more likely to be hacked than ever before. If malware is opened, it exposes corporate data via the device. Malware can spread when employees download games, click on untrusted links or connect to free Wi-Fi.

Recent examples of vulnerabilities include the iOS malware XcodeGhost, which made its way into the iOS App Store and steals data and personal information from devices. Another example is Stagefright 2.0, which allowed hackers to take over Android devices remotely. It is estimated that more than 1 billion Android devices were made vulnerable by this flaw.

Device loss and theft is another cause for concern. Employees who use mobile devices can work remotely and this can greatly increase productivity. Some enterprises issue employees with company devices, while others employ a Bring Your Own Device (BYOD) policy. BYOD policies save companies money and can increase employee satisfaction, as employees sometimes prefer to work on their own mobile devices rather than on company-issued devices. They also lower the strain on IT departments, as the responsibility for maintenance and upkeep lies with the employee. And the likelihood of employees working after hours also increases.

But putting devices into the hands of employees increases the risk of loss and theft, which can lead to a breach in security. Whether devices are company-owned or BYOD, they should be treated in the same way, from a security perspective, as desktop computers.

According to Forbes, enterprise IT departments still devote almost three quarters of their security resources to perimeter controls, and this is no longer the right balance. People, devices, and data are the new perimeter, according to Naresh Persaud, senior director of Oracle's security product marketing. Mobile devices are more vulnerable and enterprises should apply security measures at device level, application level, as well as data level.

Alarming State of Mobile Insecurity

What is very worrying is the fact that nearly 40% of large companies, including many Fortune 500 companies, aren't taking the right precautions to secure the mobile apps that they build for customers. According to a study by IBM Security and the Ponemon Institute, organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks and this opens the door for hackers to easily access user, corporate and customer data.

With a growing security threat, it is surprising that so few companies conduct proper testing on apps that they build. The Ponemon Institute and IBM Security study looked at the security practices in over 400 large organizations and found that the average company tests less than half of the mobile apps that it builds. Also, 33% of companies never test apps and 50% of organizations devote no budget towards mobile security. Companies spend more money after data is stolen than they are spending to secure data in the first place.

"Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data," said Caleb Barlow, Vice President of Mobile Management and Security at IBM.

Among organizations surveyed, an average of $34 million was spent annually on mobile app development, but only 5.5% of this budget is being allocated to securing apps against cyber-attacks before making them available to users.

In 2014 alone, over 1 billion pieces of personally identifiable information were compromised as a result of cyber-attacks, according to IBM X-Force research. Given the growing data security threat and the alarming state of mobile insecurity, it is no surprise that companies will be stepping up their investments in mobile security infrastructure over the next year.

Security Best Practices

There are many steps that enterprises can take to secure their data. When choosing a hosting solution, enterprises should choose a provider with world-class security measures and certifications for infrastructure-level security. All cloud servers should have protections and access controls built in to ensure that no unauthorized access to data can occur. Data should be backed up at least daily, encrypted and stored off-site in a secure data centre.

Enterprises should also think carefully about who will have access to data. Access and security policies for staff performing maintenance on infrastructure should conform with the highest industry security standards. Hosting solutions should make use of audit trails so that any data modifications are recorded and can be retraced.

Furthermore, servers should be equipped with firewalls to restrict network access, and they should be penetration-tested. Operating system upgrades, patches and infrastructure software updates should be applied on a regular basis. Lastly, all communication between mobile devices and servers should occur over a Transport Layer Security (TLS) encrypted channel and data should be protected in various states: at rest in the cloud, on the device, as well as in transit.

What if a Device is Lost or Stolen?

One of the weakest links in the security chain is still the user. Luckily there are various ways to secure data if a device is lost or stolen to ensure that unauthorised people don't get access to sensitive company information. Enterprises can configure operating system level security settings on mobile devices. This includes requiring a user to authenticate using a PIN code every time the screen is unlocked, as well as wiping the device if a predefined number of incorrect PIN attempts are made. The entire file system can also be encrypted to make sure that unauthorized users don't get access.

Further Recommendations

Enterprises can also use third party Mobile Application Management (MAM) or Mobile Device Management (MDM) services, or Dual Personas, to further increase security.

MDM is used to ensure that employees do not breach corporate policies and can apply virtual geographic limits for devices. This includes monitoring capabilities that allow enterprises to track and report on information about mobile devices across the enterprise, for both company-owned and BYOD devices. It also allows enterprises to remotely wipe data or locate devices.

MAM enables IT administrators to distribute, update and manage secure applications, as well as configure apps and provision users. MDM and MAM solutions should install malware protection on the device that scans for viruses and quarantines affected applications and files on devices.

If companies do enforce a BYOD policy, they can use a Dual Persona Approach. This means on one device there can be a work persona for all work-related tools and communications, and a separate one for personal communication. Organizations can secure work-related content and comply with security policies, and also remotely wipe only work-related content. By doing this, the organization respects the employee's privacy and can even create separate phone numbers for work and personal use.
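The device-level controls described above (PIN on every unlock, wipe after a set number of failed attempts, file-system encryption) can be checked across a fleet from the kind of device information an MDM reports. The following is an added example, not part of the original white paper or any vendor's product; the inventory fields, device IDs and the threshold of 10 attempts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy value: the paper only says "a predefined number" of
# incorrect PIN attempts, so 10 is a placeholder to tune per organisation.
MAX_WIPE_THRESHOLD = 10


@dataclass
class Device:
    device_id: str
    ownership: str                    # "corporate" or "byod"
    pin_required: bool                # PIN demanded every time the screen unlocks
    wipe_after_failed: Optional[int]  # None or <= 0 means wipe-on-failure is off
    storage_encrypted: bool           # entire file system encrypted


def audit(device: Device) -> List[str]:
    """Return the control gaps for one device; an empty list means compliant."""
    findings = []
    wipe_on = device.wipe_after_failed is not None and device.wipe_after_failed > 0
    if not device.pin_required:
        findings.append("no PIN on unlock")
    if not wipe_on:
        findings.append("wipe after failed PIN attempts disabled")
    elif device.wipe_after_failed > MAX_WIPE_THRESHOLD:
        findings.append(
            f"wipe threshold {device.wipe_after_failed} exceeds {MAX_WIPE_THRESHOLD}")
    if not device.storage_encrypted:
        findings.append("file system not encrypted")
    # A wipe threshold can never be reached if no PIN is ever asked for.
    if wipe_on and not device.pin_required:
        findings.append("wipe threshold set but unreachable without a PIN")
    return findings


def audit_fleet(devices: List[Device]) -> Dict[str, List[str]]:
    """Map device_id to its findings, listing non-compliant devices only.

    Corporate and BYOD devices are held to the same rules, as the paper advises.
    """
    report = {}
    for device in devices:
        gaps = audit(device)
        if gaps:
            report[device.device_id] = gaps
    return report


# Constructed sample inventory (not real devices).
SAMPLE = [
    Device("corp-001", "corporate", True, 10, True),
    Device("byod-014", "byod", True, None, False),
    Device("corp-022", "corporate", True, 50, True),
    Device("byod-031", "byod", False, 0, True),
]

if __name__ == "__main__":
    for dev_id, gaps in audit_fleet(SAMPLE).items():
        print(f"{dev_id}: " + "; ".join(gaps))
```
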

Looking Forward

Mobile devices are rapidly becoming productivity tools and have access to large amounts of enterprise data, and it could be detrimental to a business if security is compromised. Various threats and vulnerabilities are appearing daily. Hackers often target mobile devices, and employees sometimes lose devices, click on malicious links or download malicious software.

Enterprises should combine security measures at app, device and data level. They should ensure that data is encrypted and that only authorised users have access. They should also have contingency plans in place for when devices get lost or stolen. Maintaining appropriate levels of data security will remain one of the biggest challenges for enterprises in the future.

About JourneyApps

At JourneyApps we build mobile apps that are customised to suit your unique business processes. If you have a mobile workforce, we can help you find efficiencies and address specific business challenges. The JourneyApps mobility platform helps you build robust applications on Android, iOS and Chrome.

We have years of experience in building mobile apps and understand your needs. Our team of engineers will help you brainstorm around your processes and will provide a simple and easy-to-use solution. And we build fast, so we will assist you in proving success quickly and can iterate and deploy on-the-go. We have deployed solutions in sectors such as financial services, asset management, logistics, field service, healthcare, agriculture and market research. Each month thousands of people use JourneyApps solutions and tens of thousands of documents, such as job cards, delivery notes, and incident reports, are processed.

Enterprises can rest assured that their data is safe with JourneyApps. We adhere to the highest security standards built into the JourneyApps Platform, meaning all apps built on the JourneyApps Platform benefit from these world-class security measures by default. If you are interested in the technical details of how JourneyApps protects your data, read our Technical Data Security White Paper. You can also talk to one of our mobility experts today about how we can help your mobile workforce become more efficient.

Learn more about JourneyApps hello@

Creating business solutions with mobile apps. Fast.

United States
973 E. San Carlos Ave., San Carlos, California 94070
Phone: +1 (650) 353-3292

South Africa
Unit 109, Block C, Bosman's Crossing Square, Distillery Road, Stellenbosch, 7599
Phone: +27 (0)21 880 8250

Australia
Level 20, Tower 2, 201 Sussex Street, Sydney 2000
Phone: (+61) 1300 780 319