Building a Comprehensive Mobile Security Strategy


WHITE PAPER

Building a Comprehensive Mobile Security Strategy

A key to safeguarding data and apps is finding the right partner.

The importance of putting a strong mobile security strategy in place cannot be overstated. With the large and growing number of smartphones and tablets in the workplace and the rise of bring-your-own-device (BYOD) programs at organizations, enterprises are facing a significant risk management challenge that must be addressed.

As companies rely more heavily on mobile devices and apps for critical business functions, there is admittedly an increased sense of urgency to get mobile security right. Many are implementing security tools and policies that can help keep valuable corporate data safe from loss or theft. But there's plenty of room for improvement in mobile security efforts, according to a 2014 survey from IDG Research Services.

Getting it right is no easy feat. Attacks against networks and applications have grown more sophisticated, and protecting mobile environments has become more complex. Fortunately, solutions and services are available that can help organizations address the increasingly difficult task of securing their mobile environments. The key is to find an experienced and reliable partner that can help not only with security product selection but with the implementation and ongoing maintenance of the tools as well.

» Current State of Mobile Security

Clearly, information security remains a high priority for many organizations. New data from research firm Gartner Inc. shows that worldwide IT security spending will reach $76.9 billion in 2015. The increasing adoption of mobile technology, cloud services, social media and big data/analytics will drive the use of new security technology.

The need for better mobile security is particularly acute. In another recent report, Gartner notes that through 2015 more than 75 percent of mobile applications will fail basic security tests. That's while workers can easily download mobile applications to access corporate networks or support business functions. As a result, companies are exposed to attacks and violations of their corporate security policies.

Those organizations that embrace mobile technology and launch BYOD programs are vulnerable to security breaches unless they deploy methods and technologies for mobile application security testing and risk assurance, reports Gartner. However, most companies lack experience in mobile application security, with testing often conducted casually by developers who are focused mainly on enhancing application functionality.

By 2017, the Gartner report predicts, the focus of endpoint security breaches will transfer to devices such as smartphones and tablets. Already there are three attacks on mobile devices for every one attack on a desktop machine.

And through that year, the firm predicts, three-quarters of mobile security breaches will be the result of mobile application misuse, such as the use of personal cloud services through apps on smartphones and tablets.

» Building a Mobile Security Strategy

Despite the potential threats, mobile strategies are expanding at organizations of all sizes in all types of industries, and mobile devices and apps are continuing to play an increasingly important role in corporate IT strategies, although organizations still struggle with several persistent challenges. That's the primary finding of the 2014 survey by IDG Research Services.

According to the IT and security professionals surveyed, improving employee and process productivity is the main driver of investments in mobile solutions for about a quarter of the respondents. Other reasons for adoption include bringing more business value to customers, reducing costs and boosting employee satisfaction.

The High Museum of Art in Atlanta, for example, is relying increasingly on mobile technology for its operations, including accommodating the needs of customers who prefer mobile platforms for conducting interactions. "We have been solely focused on providing better mobile services to our customers and have seen an increase of over 200 percent [in online ticket sales] from our customers through the mobile channel, compared to our offerings when we didn't provide a mobile-optimized experience," says Adam Fenton, Web manager at the museum.

[Chart: Biggest Concerns Regarding Mobile Security]
Data leakage: 74%
Lost or stolen devices: 71%
Unsecure network access: 56%
Malware on devices: 53%
Unsecure Wi-Fi: 41%

Companies today have numerous concerns when it comes to the security of mobile devices such as smartphones and tablets and the apps and data they house. Data leakage tops the list for about three-quarters of the survey respondents. This shouldn't be surprising, given that the information stored on devices, such as customer contacts and interactions with clients and colleagues, is often highly valuable to companies.

Device loss or theft is close behind on the list of mobile security concerns for a strong majority of the respondents. "We enable kill switches where possible and mostly ignore the other risks of device theft," says Leif Johnston, managing partner at Technology Catalyst, a technology consulting firm in Fredericksburg, Va. "Although we require notification of device loss, we trust and hope that we can kill access. It's not a great answer, since some data persists, but we don't have a technical requirement to do more."

These top two concerns are followed by unsecure network access, malware on devices and unsecure Wi-Fi. "We're primarily concerned about breaches due to malware and spyware on employee-owned devices," says Fenton. "We're seeing increased access to our network from non-work-supplied computers on which we don't have control over security settings."

Interestingly, most survey respondents indicated that the protection of all aspects of mobile security was either critical or highly important, but the protection of data again seems to stand out. For example, 87 percent of the respondents said that data protection is a critical or high priority, compared with 71 percent who feel the same about network protection, 61 percent about devices/endpoints and 54 percent about applications.

A huge majority of the respondents are from organizations that have created formal mobile security strategies. In fact, only 13 percent are unsure of what's included in the strategy or are from organizations that do not have a formal strategy in place. For those that do have a strategy, the most common components are policies that govern device usage, data access and permissions (outlining which data can be accessed via mobile devices) and Wi-Fi usage. Given the rise of BYOD, it should not be surprising that device and application usage policies are important to companies.

[Chart: Mobile Security Solutions, % currently in place or planning to deploy]
User or system authentication: 90% (72% currently in place, 18% planning to deploy over the next 12 months, 9% no immediate plans to deploy, 1% don't know)
Data encryption: 77% (53% currently in place, 24% planning to deploy over the next 12 months, 17% no immediate plans to deploy, 6% don't know)
MDM (mobile device management): 74%
Antivirus protection: 72%
Installed a full VPN on mobile devices: 59%
Data loss prevention (DLP): 59%
Host intrusion prevention: 56%
Larger organizations (1,000 or more employees) are significantly more likely than others to have host intrusion protection in place (47% versus 19%).

Organizations have a variety of mobile security solutions in place or on their radar. User or system authentication is by far the most common, with 90 percent of companies using it or planning to deploy it. Again, with so many employees using their own devices to access corporate networks and data, it makes sense that authentication would be indispensable. Data encryption, mobile device management and antivirus protection are also prevalent, whereas virtual private networks, data loss prevention and host intrusion prevention are less commonly used.

Companies see several business benefits to be gained by ensuring the security of mobile data and applications. The protection of customer, customer or patient data was most often cited by survey respondents (80 percent). Maintaining compliance and being prepared for compliance-related audits proved to be a distant second. Other benefits cited include protection of intellectual property, protection of the company's reputation, preventing or detecting advanced threats, avoiding downtime or outages and avoiding litigation.

For the High Museum of Art, among the biggest benefits of mobile security is the ability to comply with the Payment Card Industry Data Security Standard (PCI DSS) and therefore lessen the risk and potential penalties of not conforming, Fenton says.

» Challenges to Overcome

As the research data indicates, many organizations have made valiant efforts, through a variety of technology implementations and the creation of usage policies, to bolster security for their mobile environments. But the task of ensuring that these fast-growing mobile environments are truly secure can be complex and fraught with challenges. As a result, existing mobile security efforts have not been sufficient, in many cases, to safeguard data.

"We do not look below the application layer and might be at risk there," Johnston says. "My biggest concern is whether the kill switch idea is implemented effectively and controlled well. I don't think we are there yet, although we have triggered one kill on a lost device that was found after being stolen."

The survey data bears this out. For example, companies' confidence in their current mobile security measures is fairly low across the board, most dramatically regarding the prevention of malware attacks. But that's hardly the only area where confidence is lacking. This is also the case with the prevention of data leaks to unauthorized third parties or applications, prevention of access to the Internet via unencrypted public wireless access points and data protection when mobile devices are lost or stolen.

In terms of improving on those confidence levels, organizations say they face several challenges. At the top of the list is the cost of maintaining security (cited by 63 percent of the respondents). That shouldn't come as a surprise, considering how many organizations are up against tight technology budgets. As important as security is, security expenditures often get scrutinized when it comes to doling out funds.

[Chart: Most Challenging Aspects of Mobile Security]
Cost/budget: 63%
Providing security across multiple mobile platforms: 54%
Finding the right technology: 45%
Developing mobile security strategy: 39%
Finding and sourcing the right IT security skill sets: 37%
Gathering security requirements: 24%

Other significant challenges loom: providing security across multiple mobile platforms (cited by 54 percent), finding the right technology (45 percent), developing a mobile security strategy (39 percent) and finding and sourcing the right IT security skill sets (37 percent).

Interestingly, several of the challenges cited in the study are related to the need for mobile-security-related skill sets and knowledge. This indicates that many organizations could benefit strongly from outside help when it comes to addressing mobile security challenges.

One challenge Fenton cites is the need to educate people about security technology capabilities. "The tool sets and functionality offered by one solution may also work for other issues. But unless those capabilities are known by all involved, the opportunity might be missed," Fenton says. "The consequence is purchasing a solution that isn't needed. So far we've been lucky in this regard, primarily due to good communication and the fact that we have a small IT department."

But this situation was just recently narrowly avoided at the art museum, because someone at a meeting raised an issue and someone else knew that the solution designated for a different issue was capable of solving this other issue as well, Fenton says.
Organizations are a mixed bag when it comes to security for application development. For instance, one-third of the organizations surveyed consider data security from the start of the mobile application development process. But another one-third add security to applications via mobile device management tools or encryption after the fact.

Perhaps most concerning: Despite the growing importance of strong security for mobile environments, a majority of the survey respondents (68 percent) said they were only moderately investing in mobile security solutions such as mobile device management, network access control and encryption. In fact, a mere 7 percent said they were making heavy investments in mobile security, and about a quarter of their organizations are making few to no investments in this area.

These findings show that, in addition to lacking in-house security expertise, many organizations might not be putting sufficient financial resources into their mobile security efforts.

» The Need for a Strong Security Partner

Many organizations concede that they cannot go it alone in developing and implementing a mobile security strategy. That's especially true of companies that lack the internal resources needed.

"In light of the recent large data breaches in the retail industry and other factors related to the security of payment cards, it would be wise to hire a consultant to do a review of our systems, which would include methods for ongoing monitoring and protection against malware on POS [point-of-sale] devices," Fenton says. "Lessons and experiences from this process could help drive change and strategy for how mobile technology is supported moving forward."

The August 2014 report by Gartner notes that many organizations continue to lack the skills to define, implement and operate appropriate levels of data protection and privacy-specific security controls. This lack of skills leads enterprises to partner with firms that specialize in data protection and security risk management to address regulatory compliance demands and enhance information security.

Not having mobile security expertise in-house would drive 52 percent of the organizations represented by the IDG survey respondents to outsource mobile security. Another 43 percent see cost-effectiveness as a reason for outsourcing.

Clearly, business partners experienced in mobile security can help organizations with product and service selections, implementations and ongoing maintenance. They have a deep knowledge of the existing technology and how it can best be applied to an organization's specific needs or weaknesses.

When selecting a good partner for security, organizations should look for providers that offer a range of services such as risk assessment, creation of a security program and implementation of vendor solutions. Some companies provide security assessment teams that can work with organizations to identify and prioritize any gaps in their mobile security strategy.

It's also important that a security partner embrace a holistic security approach when it comes to mobile environments. For example, when discussing a mobile security solution, the partner should review opportunities for mobile device management, authentication, encryption, endpoint security, virtual private network architecture and other areas. The security assessment team can help provide a gap analysis with vulnerability testing to ensure that all areas are covered.

About CDW

CDW is a leading security solution provider. The company is a trusted third party that can look critically at a company's systems, processes, procedures and policies to help identify weak points and solutions. CDW's approach to security extends to the mobile workforce, ensuring secure protection for your networks, applications, data and devices. Its vendor partnerships with industry-leading brands and its expertise in security technology, including data loss prevention (DLP), help organizations achieve stronger security. Tapping into the leading brands of DLP technology, CDW helps customers secure their core IT environment, identify vulnerabilities, prevent data loss and secure the mobile environment.

» Summary and Conclusion: Why Effective Mobile Security Is Vital

The explosion in the number of mobile devices and applications continues, and there are no signs that the trend will slow down anytime soon. If anything, with the advent of the Internet of Things, in which many objects will be connected via networks, mobile devices will become even more prevalent.

Many companies have addressed some of their mobile security needs, but providing comprehensive strategies that cover a variety of areas remains a struggle for a lot of organizations, perhaps because they don't yet have the bandwidth or specific expertise in this evolving environment to do this on their own.

Companies that are lacking internal expertise and are concerned about their level of risk should look for a partner with the experience as well as the vendor connections to develop a mobile security strategy that secures devices, the data they carry and the corporate networks they can access. Much is at stake, but with the right partner, companies can rest assured that they are doing everything they can to protect these growing and increasingly important components of their IT infrastructure.

To learn more about security hardware, software and services, please visit www.cdw.com/security