Managing the mobile security paradigm

There have been profound changes in recent years in the way that people work. Mobility, virtualisation and globalisation have extensively altered how business is conducted. These changes mean that updated and upgraded security systems are needed to ensure data security.

New collaborative methods are helping companies manage their information systems, solutions for virtualising information applications and cutting excessive investments are springing up, and fresh hardware is delivering more mobility every day. But with these altered usage patterns come new threats and risks to security.

Professional and personal data confusion

Mobility is becoming an increasingly important aspect of business, and workers using devices such as smartphones or tablets to access the corporate network are quickly becoming ubiquitous.

However, there is a trend towards employees bringing their own device to work and using their personal smartphone or tablet for professional as well as personal purposes. This consumerisation of computing, with its permanent connection to the corporate network, increases the potential danger of data leaks if the device is lost or stolen. There is an increased risk of professional/personal data confusion, potentially resulting in legal penalties for the business and serious risk of virus and malware issues, as many personal devices are not properly protected.

Recent technologies such as cloud computing and social networking are helping to create these new usage patterns and ways of sharing information. These changes require a much higher level of transparency. Given that many organisations are increasingly subject to compliance regulations, it is vital to have strong and secure information systems in place. Companies need to identify and protect confidential information and show due care and diligence in protecting this information, not just for their own privacy but also for that of their customers.

Threats

Threats to companies are proliferating at an exponential rate. On average, there are 2,000 new threats every day adding to the estimated 45 million viruses already in circulation.

Attacks are more targeted and sophisticated than ever before, representing a substantial threat to businesses, government and sensitive infrastructures such as the military, utilities, hospitals and others. This makes having appropriate security defences in place for mobile devices paramount. With so many threats out there, the chance of a breach is just too high.

For internal protection against these clandestine threats, a strong security infrastructure is required to protect organisational communication and information systems and ensure that everyday business is not disrupted. Solutions to consider include firewalls, filters for incoming and outgoing web and mail data, IT infrastructure segregation for extranets and partner networks, and strong intrusion detection systems that can identify unusual activities and suspicious behaviour and stop threats from infiltrating the corporate network.

External end-user protection is also crucial and may initially seem like a straightforward issue, but becomes increasingly complex when you factor in the multiple devices in use by many workers, in many locations. There are many security systems to consider, such as user authentication and authorisation, secure communications between users and corporate networks, security monitoring to provide transparency and validation of the compliance process and day-to-day security reports and monitoring.

A balance between protection and freedom

However, it is critical to maintain a balance between protection and freedom, as too much complexity within security systems can overburden the network, slowing down application response times and making it difficult for employees to access the network when needed.

Too many different solutions can also have the undesirable result of creating loopholes and system vulnerabilities, making it easier for cybercriminals to infiltrate the network and exploit confidential information.

Implementing appropriate security for the new working paradigm may seem like a formidable challenge. However, mobility does not have to be a risk for organisational security – with the right solutions in place, it can create new efficiencies and cost savings while allowing the workforce to work anytime, anywhere.


Stories by Gordon Makryllos
