Determining the best approach to mobile security
With the data security risk posed by mobile users, businesses must determine how best to protect company information in an environment that is no longer as contained as it once was.
There is no question these days that mobile is a major security concern, both for individual users and for businesses deploying BYOD (Bring your own Device) programs. Many recent reports have highlighted a rise in mobile security threats, including one study that claimed mobile threats doubled from 2010 to 2011.
With the data security risk posed by mobile users, businesses must determine how best to protect company information in an environment that is no longer as contained as it once was. For IT departments, the question of securing the business comes down to a fundamental debate, according to Network World. The site recently featured a point/counterpoint series between industry experts Kevin Flynn and Lawrence Reusing to discuss whether mobile security efforts should be focused on the device or the network.
The case for focusing on network security
According to Flynn, a network security product manager, the network has historically been the most effective place to spearhead security efforts. While BYOD is now at the center of the discussion, the push from employees for IT to adopt new technologies has happened with various applications since the 1980s. IT departments can draw on the lessons from efforts to support desktop publishing applications, Internet adoption and Web 2.0 tools as they develop their mobile policy.
“Simply put, the network has always and will always be the final authority on what information goes to and from devices,” Flynn said.
He noted that a network-centric security approach is the easiest way for organizations to incorporate mobile into its existing architecture, as opposed to a strategy that tries to monitor individual users. The latter approach offers the problem of dealing with human behavior. Flynn cited a survey that found most Gen-Y workers consider BYOD to be a right and that almost a third would go against company security policies that forbid using their device at work.
Not only might IT be fighting against users by trying to handle mobile security on a device-by-device basis, but this approach is more technically challenging, Flynn said. The wide range of mobile platforms and operating systems complicates standardization, as even the same mobile device management software can offer different levels of security when installed across multiple devices. He argued that the most effective data protection plan must therefore begin with the standardization provided by securing the network.
The case for focusing on device security
For Lawrence Reusing, a mobile data security manager, the focus on mobile security should begin with the device itself, even though a layered approach that incorporates network security is likely the best practice.
At the crux of the issue is that mobile devices and laptops all provide individual access points to a company’s network, and, particularly as the number of mobile workers rises, these provide a huge number of potential pain points. Many mobile employees work from unsecured networks at places like coffee shops, Reusing noted, which could quickly place corporate resources in harm’s way.
“Strong on-device security is a must,” Reusing said, pointing out that content-level encryption is an important, effective form of protection for most threats. Acknowledging that it cannot protect against every threat, Reusing advocated for multi-layer authentication in order to provide as many security roadblocks as possible.
However, Reusing pointed out, human behavior is the biggest threat, and endpoint security solutions need to anticipate users making the easiest choices. Automatic encryption and mobile device management software are important components in a device security plan, he said.
“Mobile device security too often takes a back seat when IT takes up the challenge of securing the network,” Reusing wrote. “While network security and device security must work in tandem, security should start with the end point in mind.”
Data Security News from SimplySecurity.com by Trend Micro.
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet