Steps for achieving proper mobile security governance

How do you keep mobile security intact as devices proliferate? Consultant Robert Zhang breaks down the keys to success

Advanced mobile devices--iPhone, BlackBerry and other handhelds--have created a growing wireless mobility environment for business, personal communication and entertainment. However, their growing use has also led to a faster increase in the depth and breadth of mobile security threats.

Using a mobile device to access corporate information systems can potentially create a hole to corporate security if not protected and used properly. In a recent report from CSI, the theft or loss of corporate proprietary and customer information by mobile devices is nearly half of all sources. Data breaches are real to nearly every organization of virtually any size, from the big multinational corporation to the small to medium business, including device loss, theft, misuse, and unauthorized access to corporate network and data disclosure.

Enjoying many advantages in productivity, efficiency and flexibility, many current security efforts in organizations may lag behind exposures and risks. Organizations are either not fully aware of existing security issues facing the organization or simply treating these issues as a sole IT task. Very likely, such issues often remind IT managers to look into a number of technologies or software tools, such as firewall, antivirus software, file encryption, etc. Not surprisingly, this often leads to an insufficient or failed effort. Merely focusing on technologies cannot conquer the organization's weaknesses in employees' behavior, and inherent gaps in policy and management processes.

Rapid development of mobile technologies and applications has increasingly changed the way organizations do business, as well as their risk management environment. To effectively minimize an organization's security risks requires a corporate wide effort in security strategy, policy development, employee training and revised IT infrastructure. Here are five steps of how to achieve effective mobile security governance:

Knowing Your Mobile Environment Risks

Using mobile devices to get a job done anywhere as you move is a great benefit to many organizations. But the reality is that organizations at the same time also face a variety of unprecedented exposures and risks. These risks are a result of potential exploitations of weaknesses in technology, organization and its employees. Each year, millions of mobile devices are lost, stolen or discarded with personal information still in device memory. Loss of a mobile device that contains personal identity and network access credentials opens an organization for unauthorized network access and intrusion. Mobile data disclosure of business confidential information and personal records puts an organization at high risk of legal and regulatory compliance.

To develop an effective mobile security strategy, it is essential to understand an organization's mobile security risk profile. The fundamental questions include:

* What are the corporate mobile data assets that require protection?

* What, how and where the corporate data systems are accessed by mobile employees?

* How mobile devices are being used, protected and managed?

* Do employees know the procedures in responding to an incident?

To fully determine an organization's mobile security posture, a comprehensive security assessment against an organization's specific business environment is needed.

Join the CSO newsletter!

Error: Please check your email address.

Tags mobile securitygovernance

More about BlackBerryetworkIMSISM

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert Zhang

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place