Debunking four mobile security myths
- — 26 September, 2013 16:10
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Even with the rapid adoption of mobile in the enterprise, there are a lot of misconceptions about user privacy, security and compliance. We debunk the most prevalent mobile security myths.
* Myth 1: Mobile Device Management (MDM) is the cornerstone of my mobile security strategy
MDM has come a long way in helping facilitate the use of mobile devices in the enterprise. However, the device-level insights that MDM provides produce only a small subset of the information necessary to make strategic security decisions. Enterprises need comprehensive visibility over their entire mobile data ecosystem the device, the app, the network, etc. and not just a device-level solution.
Data on the device is only half of the mobile security challenge data migration to the cloud being the other half. Enterprises need a mobile security platform that not only protects data everywhere, but also empowers users with the apps and devices that they want to use. With a comprehensive solution organizations will have the necessary visibility, control and threat intelligence to deliver on a comprehensive mobile security strategy.
Myth 2: My Mobile Data Is Only On My Mobile Device
Enterprises often believe that their mobile data is stored only on their device but in reality, data can go anywhere (and ultimately does go everywhere), and enterprises have no way of tracking or protecting that data.
IT needs to begin viewing data security, then, as the first line of defense (not as the last). A mobile security approach that provides IT with visibility into which data has crossed the boundary of the enterprise and where it has gone will allow IT to make the necessary informed decisions about how to control that data. And because the controls are tied to the data, the user's native app experience will be left untouched, allowing the user to take full advantage of their capabilities.
Myth 3: Avoiding BYOD will ensure that my data is secure
Over 28% of corporate data is accessed through mobile devices, and this will only continue to trend upward. Users access this corporate data with specific apps, manipulate the data across multiple devices, and potentially store it in the cloud. Regardless of whether your organization chooses to implement BYOD, your employees will continue to use their own devices to access corporate data when they want to. For this reason, it's best to rely on solutions that secure more than the device.
Myth 4: IT should dictate where my data goes
Mobile security begins with information gathering and ends with ensuring that IT and your employees are cooperating effectively. IT teams must look for visibility solutions that fill the knowledge gaps--where users are using, storing, and sending data--before going down the path of putting control policies in place.
For instance, if an organization's users are storing data in the cloud, IT should work with them to know exactly which services they are leveraging. This way, IT can vet those services and ensure that they align with an organization's security policies and make one or two the corporate standard. Collaboration between IT and users, then, can make it possible for users to have the experience they want and IT to have the security it needs.
Read more about anti-malware in Network World's Anti-malware section.