Simply Security - News, Views, and Opinions from Trend Micro

Posted on April 16th, 2012 in Encryption by Simply Security | 2 Comments | Tags: Encryption

As mobile devices blur the lines of work and play, companies should focus their risk management efforts on safeguarding data.

The irreversible influx of smartphones and tablets in the business community has introduced a whole new layer of responsibility for corporate compliance officers and IT security personnel. But as technology teams struggle to support a variety of mobile operating systems running on a ever-expanding range of devices, the key to risk management may be focusing on company data, as opposed to the endpoint it is accessed from or carried on.

Visibility is a crucial concept in network management. After all, you can't understand what you can't see. When an office desktop was the only access point for company data and bandwidth, it was easy to monitor exactly how employees were interacting with the network. This task became more challenging once laptops enabled remote access, and that phenomenon has been exponentially amplified by the rise of smartphones and tablets.

As a result, IT teams are having a difficult time even establishing how many devices and how many people are accessing company resources. As perimeter of the network environment shifts, morphs and even evaporates, traditional defense strategies have become obsolete. This realization is driving anxiety level through the roof for a number of industry professionals.

According to the latest survey from independent researchers at the SANS Institute, just 9 percent of IT officers felt "fully aware" of the devices accessing corporate data and networks. Similar findings were observed in a separate report from Tenable Network Security, suggesting that nearly 70 percent of security teams have no way of identifying known mobile device vulnerabilities in their environments.

"Mobile devices add an entirely new level of complexity to an organization, but security too often takes a back seat to convenience," Tenable CEO Ron Gula explained. "Although the transient nature of mobile devices presents a unique challenge, organizations can achieve greater control by regularly scanning for vulnerabilities and monitoring the information that comes on and off their network."

While this is well-qualified advice, a number of companies are having trouble putting principle into practice. Mobile device management (MDM) software has emerged as an important aid, but the technology is still maturing. With BYOD (bring your own device) programs changing the dynamics of the network environment, it may be wise to complement endpoint monitoring tools with a more data-centric approach.

According to ZDNet, this data-over-device paradigm was a leading topic of discussion at the recent RSA Conference. As cloud computing facilitates a greater proportion of operations on all platforms, experts believe data will be moved seamlessly between devices.

"The term 'mobile' will disappear because every device will be portable and our data will be universally accessible from any devices we carry," RSA Labs director Ari Juels told ZDNet.

Even the counterpoints submitted by others in attendance seem to build the argument for data-centricity. According to ZDNet, one analysts underscored the fact that the rise of BYOD will mean more instances of corporate resources being accessed through personal devices outside of IT's view. While he suggested that this made it all the more important to focus on securing the device, it seems logical that the first priority would be to protect data while MDM competency is being established.

Existing strategies such as robust encryption, for example, could be of particular value to the network administrator who is uncertain of how many devices are accessing company data, nevermind who is accountable.

Healthcare administrators would be wise to follow this ongoing debate, according to American Medical News. Considering the fact that an estimated 80 percent of physicians now use a smartphone or tablet – and manage some of the most sensitive and highly regulated workloads of any professional – it is important to take all available actions to ensure data security plans effectively extend to mobile platforms.

Data Security News from SimplySecurity.com by Trend Micro