Welcome!

Agile Computing Authors: Liz McMillan, Pat Romanski, Zakia Bouachraoui, Yeshim Deniz, Elizabeth White

Blog Feed Post

Mobile device security - tackling the risks

Ian Kilpatrick, chairman Wick Hill Group, specialists in secure IP infrastructure solutions, looks at the risks involved with mobile devices and how to secure them.

Mobile devices with their large data capacities, always on capabilities, and global communications access, can represent both a business applications' dream and a business risk nightmare.

For those in the security industry, the focus is mainly on deploying "solutions" to provide protection. However, we are now at one of those key points of change which happen perhaps once in a generation, and that demand a new way of looking at things.

The convergence of communications, mobile devices and applications, high speed wireless, and cloud access at a personal level, are driving functionality demands on businesses at too fast a rate for many organisations.

While for some, "lockdown" is an appropriate solution to this burgeoning situation, for others, the legitimate business benefits mean they must learn to live with it and try their best to make it work securely.

These demands, coupled with user skills and experience of deploying mobile devices at home, mean that even organisations on "lockdown" can have challenging times dealing with staff "guerrilla" deployments.

Clearly, part of the solution is deploying the right tools to both minimise and report on the risks (e.g. mobile device management, tracking and RF management, authentication, encryption, and behaviour management - as well as basic security measures on mobile devices). Solutions are available from a variety of suppliers, including Kaspersky Lab, WatchGuard, Check Point, SafeNet, Becrypt, VASCO and Allot.

However, a much larger and more important component is actually changing the way that we interact with the problem.

Currently, many organisations see dealing with these unprecedented risks as a challenge for the IT security team, whose role is to protect the organisation.

Traditionally, that was a good working model. However, in the new environment, with immense pressure for fast change and fast deployment of new applications, it is not possible for most IT security teams to carry the responsibility of securing the whole business and every user singlehandedly.

Security needs to be the responsibility of every individual user, every manager and every member of the Board. However, this is more typically honoured in the breach than in the observance, as evidenced by the fact that only a small number of staff are actually formally sanctioned or sacked for failure to comply.

Mobile security strategy

  • Risk analysis and risk acceptance
    Before any mobile device, access, application or service is added, it should be signed off as accepted by the Board.
  • Planning
    Planning for deployment should include security implementation or overt acceptance of the risk.
  • Embedding security
    Security needs to be deployed with the solution, not post event.
  • Policies
    Policies need to be clearly enunciated, not just contained in a policy document.
  • Processes
    Processes need to be clear, as do consequences.
  • Education and staff involvement
    Staff education is essential and should be 'education', not just a list of things staff can't do. If employees don't understand why they need to secure their own mobile devices or wireless connections, they certainly aren't going to be overly concerned about yours.
  • Deployment
    Deployment of mobile devices, including security elements, needs to be sold to staff i.e. get buy-in from staff that security is a key element of deployment, rather than presenting it as 'security needs to be there, so live with it.' Mobile device security and monitoring need to be introduced at the point of deployment. If this is a sign off/buy-in situation, it gets management commitment and cuts negative activities around mobile device usage.
  • Monitoring and feedback loop
    It is crucial to not only monitor, but also to be seen to be monitoring mobile security measures. High visibility and regular feedback to all staff, on both success and failure, are very important.
  • Analysis
    The Board needs to have regular reporting of the security landscape, so they are aware of the level of threat, and the levels of risk that they have accepted.
  • Forensics
    After a breach, particularly for mobile devices, organisations want to understand what has happened, what the failure was and what action they can take. Forensic tools are key to success here, such as those provided by Guidance Software.

Implementing the strategy obviously then involves the deployment of the correct tools and reporting. Clearly this also raises issue of the integration (or replacement) of existing tools with broader management and reporting solutions - but that is a topic for another day!

ENDS

About the author
Ian Kilpatrick is chairman of international value added distributor Wick Hill Group plc, specialists in market development for secure IP infrastructure solutions. Kilpatrick has been involved with the Group for more than 35 years. Wick Hill supplies organisations from enterprises to SMEs, through an extensive value-added network of accredited VARs.

Kilpatrick has an in-depth experience of IT and unified communications (UC) with a strong vision of the future. He looks at these areas from a business point-of-view and his approach reflects his philosophy that business benefits, ease-of-use and cost of ownership are key factors, rather than just technology. He has authored numerous articles and publications, as well as being a regular speaker at conferences, exhibitions and seminars. For more information about Wick Hill, please visit http://www.wickhill.com/ or www.twitter.com/wickhill

For further press information, please contact Annabelle Brown on 01326 318212, email [email protected]. For pic of Ian Kilpatrick, please contact Annabelle Brown or download from http://www.wickhill.com/company/press/pictures. For reader queries, contact Wick Hill on 01483 227600. Web http://www.wickhill.com/

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

IoT & Smart Cities Stories
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...