Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address closing the gap between secure mobility vision and real-world implementation. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security is here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies is here.
There is a gap between the vision for secure mobility and the real-world implementation.
How do we know a gap exists? A recent Dimension Data Secure Mobility Survey report indicates 79% of IT leaders believe mobility is a top priority and 69% of those surveyed already have a mobility roadmap in place. The vision looks good, right? However, only 29% of those implementing their roadmap have tested their core applications, and only 32% have conducted a security audit of the applications.
Today, IT is faced with the challenge of providing any user from any location on any device access to any of the corporate applications, all while keeping assets and users secure. These perimeters add up to a complex equation and it’s contributing to this gap in IT leaders’ approach to vision and action for mobility deployments. How can IT and business leaders work to address this disparity?
Listed below are a few steps that should be considered to help turn the secure mobility vision into a reality. Taking a careful assessment of what mobility can offer and applying these steps can make the difference between a successful implementation and being derailed by unforeseen problems.
1. Determine a Mobility Policy and Data Classification Model
From the Dimension Data survey, 71% of those surveyed said data security is their greatest mobility-related concern. This figure is not surprising; protecting corporate data is imperative. Yet many do not have a policy to address how data is categorized and classified.
A holistic mobile policy that is right for your business can contribute to a well-defined network. For organizations to fully reap the benefits of mobility, they need to start from a policy and data classification perspective. Businesses and employees need to come to an understanding for how data on mobile devices will be distinguished between personal data and corporate data.
2. Define Access Control
Identifying network mobile access control in a structured way is an essential next step. However, it can be a complex topic as IT factors in the identity of the user, identity of the device, and location-based intelligence when a particular device accesses the network.
Consider this example: A doctor uses a tablet to access medical records in a hospital via the network, which delivers life-saving critical data when the doctor is on campus. But when the doctor goes on a lunch break and connects to a different access point, the network should be able to automatically detect that the doctor has left the hospital and is no longer allowed to access those records outside of the secure network. This type of access control is an appropriate step in securing enterprise mobility.
3. Introduce Mobile Device Management
While most of us are familiar with Mobile Device Management (MDM), this implementation can empower IT and InfoSec teams to separate data from personal and company-owned assets and issue controls and policies—whether users are bringing a device from home or using a company-issued device. There are many functions an MDM solution needs to perform, such as provisioning, on-boarding new devices, and more. The flexibility of MDM can allow enterprises to add on additional features to help bridge some of these gaps between enterprise mobility security vision and actual deployment.
4. Ensure Data Leakage Prevention from a Mobile Perspective Is Respected
When all other steps have been completed, and assuming classical perimeter security measures are already in place, IT and business teams should ensure that the potential for data leakage is significantly reduced. Teams should also evaluate the actual deployment of security measures to match the data classification policies mentioned in step 1. As the future of mobility continues to propel forward, this step should be revisited often to ensure all policies and actual security deployments are in line with business goals and needs.
As the average enterprise mobility user connects 2.5 mobile devices (usually a laptop and phone/tablet), it is critical that IT and business leaders issue the right policies and controls for a well-defined and secure mobile network.
Together, IT and business leaders can work to enhance mobility security by embracing a top-down approach. The next and final blog in this series will discuss how business transformation can be achieved by matching business-driven policy with an architectural approach.
- Read Securing the Future Enterprise by Bret Hartman of Cisco
- Check out What Next-Generation Wi-Fi Models Could Mean for Secure Mobility by Evelyn de Souza of Cisco
- For additional reading: Mobile Security: Is the Risk Worth the Reward? by Evelyn de Souza