As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
This blog series, authored by Kathy Trahan, explores the topic of enterprise mobility security from a situational level and provides insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. The second post, available here, focused on the risks that come with mobile connections. Kathy’s third post explored how to secure mobile data. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group
In today’s mobile and cloud-centric landscape, the ability for employees to access data, account information, real-time statistics, and other pertinent information on their personal devices is what it takes to remain competitive in the business marketplace.
And while the rush has been on to empower employees to be able to connect from anywhere, security concerns are topping the “must address” list of enterprises everywhere.
One key concern is the increasing use of mobile devices to access relevant business information. In fact, according to the Cisco Connected World International Mobile Security survey, 63% of users downloaded sensitive data on such devices.
So, in a scenario where a team of sales representatives are updating account profiles by accessing data on their personal devices, IT and business leaders must ask: How secure is the network the team is using to access sensitive company information? Is it possible malware on their mobile devices can gain entry from a public or private cloud to compromise or steal data? Should mobile security policies prohibit certain employees from downloading certain information when they are off-site?
These questions must be answered. Especially since over the next four years, there will be nearly 21 billion networked devices and connections globally. Business Decision Makers (BDMs) and Technical Decision Makers (TDMs), must team up and determine the best mobile security policies that balance productivity and security of sensitive data, notably understanding security threats and establishing access requirements.
Understanding Security Threats
It’s no longer a question of when a security breach may occur, but when an attack will leave your data compromised and your network is exposed. And as much as mobile devices have emerged to be one of the most beneficial business tools of choice, they are also the perfect gateway for disruptive agents to cripple your network.
Cloud-based applications and services allow for flexibility that many take for granted, but not security professionals. One survey reveals that 31% of security professionals believe the biggest risk associated with cloud infrastructure services is “privacy concerns associated with sensitive and/or regulated data stored and/or processed by a cloud infrastructure provider.” It is critical to assure your security compliance is extended to your cloud service—evaluate your cloud provider carefully. Don’t forget the notion of “Bring Your Own Cloud” that many employees are also engaged in.
And each time a new threat from malware, targeted cyber-attack, or security breach makes the news, it’s a somber (and expensive) reminder that our data is not safe.
One of the key findings of the Cisco Annual Security Report was that malware is an enormous threat, capitalizing on users’ trust in the systems they access. Most recently noted in the Cisco Mid-Year Security report, malware can enter your network by deceiving users with “maladvertsing” –tantalizing offers to malware-ridden websites or SPAM emotion appeals thru email that lure you to the corrupt website. However these viruses, worms, Trojans, or bots enter your network, the damages can be costly. Think destroyed data, continuous exploitation of a network weakness and even more importantly, negative press and mistrust of your network by your stakeholders.
Whatever the solution selected to combat malware, BDMs, and TDMs should seek ones that include detection, blocking and continuous monitoring of malware. TDMs should strive to present cybersecurity information in terms relatable to BDMs; in turn, BDMs must consider the business risks involved with cybersecurity. In consideration of mobility, vigilance must be increased since many mobile devices are compact and easy-to-carry extensions of the networks that house sensitive information.
Who’s Accessing Your Network
Determining who is accessing your network and the levels at which they’re permitted to access it can greatly affect the security of data.
Not surprisingly, larger companies have a higher risk of encountering malware than smaller ones. But whether there is a global force of 25,000 employees or a small and dedicated team of 10, BDMs and TDMs must implement policies that do not negate productivity, but recognize that security is of the utmost importance.
One of the first steps BDMs and TDMs can take is ensuring a security compliance plan is in place, well-communicated to the employee base, and that employees are empowered and invested in securing their personal devices. Security features are forever evolving on personal mobile devices that hit the market – facial recognition and thumb print locks are a couple that come to mind – and employees should be just as devoted to protecting company data from threats as they are their own social media pages. While employee-awareness may further minimize risk, the reality is enforcement of security policies also needs to be automated and somewhat seamless to the end user. Mobile device access should have some level of criteria mandated to enter the network—for example authentication with sign on and thumb print recognition.
When it comes to who’s accessing what information, BDMs and TDMs should look at the overall structure of their company hierarchy on-site and apply those same parameters when it comes to mobile access. If there is certain information accessible only by your C-suite level team and their assistants for example, why would your sales team members need the same access?
Tailor your solutions so your workforce does not feel constricted, but also so IT is not subjected to scramble measures because the workforce is putting your networks at risk.
Mobility stats may “trend” but mobility itself is no longer a trend. It’s a way of doing business and a must for organization who wish to remain competitive. Sensitive data is stored on mobile devices, on-site and in the cloud. This “anywhere, anytime” access means that not only is clear security compliance necessary, but they must be able to keep pace with an increasing number of security threats that are acutely more sophisticated and devastating. But with buy-in from both BDMs and TDMs, security threats can be mitigated and it really can be business as usual.
- Read Approaches to Security Compliance for Real Time Mobile Data Access by Michael Raggo, MobileIron
- Read Securing Employee Device Freedom by Bret Hartman
- Read The Risk of Remote Connection: What’s Your Plan? by Kathy Trahan
- Read Securing Mobile Data: What’s Your Plan? by Kathy Trahan
- Read the Cisco 2014 Midyear Security Report
- View the Profile of Growing Attacks Against the Internet Infrastructure graphic
- Read Data Security Through the Cloud
- View the Cisco’s interactive Navigating Security Threats in a Mobile World
- See insights from the Cisco Annual Security Report