Securing the Mobile Enterprise: How to Effectively Manage Risks
In securing mobile devices, there are a number of factors to consider, many of which could present new challenges or complexities for your business.
28 March 2014
The emergence of mobile technologies has dramatically shifted the way people use the internet and IT in business over the past decade. Whether you support corporate-issued devices, like laptops or tablets, or validate the Bring Your Own Device (BYOD) policy, security cannot be effectively managed at device level – controls should be applied as close to valuable data as possible.
Fundamentally, you still need to secure your information and protect your infrastructure against threats, but now you need to do so on another level entirely. In securing the mobile enterprise, there are a number of factors to consider, many of which could present new challenges or complexities for your organization.
The common usage/reoccurrence of BYOD forces companies to rely on the security of their own infrastructures as well as their employees’ devices, SaaS providers, business partners etc. While BYOD can be cost-effective, you may risk losing end-user control. To secure your mobile enterprise, consider asking employees to use a VPN technology, download anti-virus and install password protection like multi-factor authentication.
Keep in mind, making these asks could create pushback from employees - these are their devices after all. To avoid this, organizations could implement a mobile application which can serve as a secure entryway between devices and enterprise systems. File sharing apps like Intralinks VIA™ secure mobile app can provide employees with the tools they need to help drive business productivity and protect corporate information. The app should incorporate security measures that protect information wherever it goes, even if the device is lost. Standards-based encryption with military-grade key management must be employed and high-grade cryptography is essential. App developers must take advantage of available encryption engines - all devices support it. Given the value of data that goes on those devices, anything less is insufficient. Through a combination of passcodes, timeouts, server authentication, provisioning and de-provisioning of internal and external mobile users, information security folks can rest assured that their employees will collaborate without high risk, and with transparency, control and compliance.
Another factor to be aware of is the phenomena of the consumerization of information technology (IT). Whether you’re fan or a foe, the consumerization of IT continues to change the way we work and share information with one another. As an IT or information security professional, it’s important to not only realize this shift, but to put preventative measures in place to keep your organization’s content secure, wherever it goes.
Similarly, the notion that business devices could be treated as personal devices presents implications for enterprises as well. Notwithstanding the penetration of consumer devices into the enterprise, organizations must secure their information while enabling teams to work with ease. The challenge is doing this in a way that doesn’t place extreme limitations on how information is shared (both within your organization and outside of the firewall) so that teams can still conduct business effectively. The key is using an enterprise-grade file sync and share solution that has the ability to address the main drivers of enterprise file sharing and collaboration. Drivers can include a risk management strategy (a deep knowledge of regulation and certifications; expertise in managing risk and ensuring compliance), business productivity (a solution must not limit productivity, but enable secure collaboration through effective controls) and IT efficiency (a solution must leverage existing IT resources and integrate with current applications and protocols).
These trends are here to stay and will continue to evolve over time, and with it, so must your mobile security. Solutions that enable user-friendly mobile access with the right safeguards in place – ones which let you keep control of who’s doing what with your information – ought to be front and center in any mobile strategy.
Always remember, security should be just as robust on mobile devices as it is behind the firewall. Mobile has come a long way in becoming a new channel for organizations to conduct business, but it’s up to you to secure it properly.
Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds Bachelor degrees in Marketing and Finance, with a minor in English Literature.