Managing the mobile security paradigm

There have been profound changes in recent years in the way that people work. Mobility, virtualisation and globalisation have extensively altered how business is conducted. These changes mean that updated and upgraded security systems are needed to ensure data security.

New collaborative methods are helping companies manage their information systems, solutions for virtualising applications and cutting excessive investment are springing up, and fresh hardware is delivering more mobility every day. But with these altered usage patterns come new threats and risks to security.

Professional and personal data confusion

Mobility is becoming an increasingly important aspect of business, and workers using devices such as smartphones or tablets to access the corporate network are quickly becoming ubiquitous.

However, there is a trend towards employees bringing their own device to work and using their personal smartphone or tablet for professional as well as personal purposes. This consumerisation of computing, with its permanent connection to the corporate network, increases the potential danger of data leaks if the device is lost or stolen. There is an increased risk of professional/personal data confusion, potentially resulting in legal penalties for the business and serious risk of virus and malware issues, as many personal devices are not properly protected.

Recent technologies such as cloud computing and social networking are helping to create these new usage patterns and ways of sharing information. These changes require a much higher level of transparency. Considering that many organisations are increasingly subject to compliance regulations, it is vital to have strong and secure information systems in place. Companies need to identify and protect confidential information and show due care and diligence in protecting this information, not just for their own privacy but also for their customers'.

Threats

Threats to companies are proliferating at an exponential rate. On average, there are 2,000 new threats every day adding to the estimated 45 million viruses already in circulation.

Attacks are more targeted and sophisticated than ever before, representing a substantial threat to businesses, government and sensitive infrastructures such as the military, utilities, hospitals and others. This makes having appropriate security defences in place for mobile devices paramount. With so many threats out there, the chance of a breach is just too high.

For internal protection against these clandestine threats, strong security infrastructure is required to protect organisational communication and information systems and ensure that everyday business is not disrupted. Solutions to consider include firewalls, filters for incoming and outgoing web and mail data, IT infrastructure segregation for extranets and partner networks, and strong intrusion detection systems that can identify unusual activities and suspicious behaviour and stop threats from infiltrating the corporate network.

External end-user protection is also crucial. It may initially seem like a straightforward issue, but it becomes increasingly complex when you factor in the multiple devices in use by many workers in many locations. There are many security systems to consider, such as user authentication and authorisation, secure communications between users and corporate networks, security monitoring to provide transparency and validation of the compliance process, and day-to-day security reports and monitoring.

A balance between protection and freedom

However, it is critical to maintain a balance between protection and freedom, as too much complexity within security systems can overburden the network, slowing down application response times and making it difficult for employees to access the network when needed.

Too many different solutions can also have the undesirable result of creating loopholes and system vulnerabilities, making it easier for cybercriminals to infiltrate the network and exploit confidential information.

Implementing appropriate security for the new working paradigm may seem like a formidable challenge. However, mobility does not have to be a risk for organisational security – with the right solutions in place, it can create new efficiencies and cost savings while allowing the workforce to work anytime, anywhere.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.
