Welcome!

Agile Computing Authors: Ed Featherston, Yeshim Deniz, Pat Romanski, Elizabeth White, Paul Simmons

Blog Feed Post

Mobile device security - tackling the risks

Ian Kilpatrick, chairman Wick Hill Group, specialists in secure IP infrastructure solutions, looks at the risks involved with mobile devices and how to secure them.

Mobile devices with their large data capacities, always on capabilities, and global communications access, can represent both a business applications' dream and a business risk nightmare.

For those in the security industry, the focus is mainly on deploying "solutions" to provide protection. However, we are now at one of those key points of change which happen perhaps once in a generation, and that demand a new way of looking at things.

The convergence of communications, mobile devices and applications, high speed wireless, and cloud access at a personal level, are driving functionality demands on businesses at too fast a rate for many organisations.

While for some, "lockdown" is an appropriate solution to this burgeoning situation, for others, the legitimate business benefits mean they must learn to live with it and try their best to make it work securely.

These demands, coupled with user skills and experience of deploying mobile devices at home, mean that even organisations on "lockdown" can have challenging times dealing with staff "guerrilla" deployments.

Clearly, part of the solution is deploying the right tools to both minimise and report on the risks (e.g. mobile device management, tracking and RF management, authentication, encryption, and behaviour management - as well as basic security measures on mobile devices). Solutions are available from a variety of suppliers, including Kaspersky Lab, WatchGuard, Check Point, SafeNet, Becrypt, VASCO and Allot.

However, a much larger and more important component is actually changing the way that we interact with the problem.

Currently, many organisations see dealing with these unprecedented risks as a challenge for the IT security team, whose role is to protect the organisation.

Traditionally, that was a good working model. However, in the new environment, with immense pressure for fast change and fast deployment of new applications, it is not possible for most IT security teams to carry the responsibility of securing the whole business and every user singlehandedly.

Security needs to be the responsibility of every individual user, every manager and every member of the Board. However, this is more typically honoured in the breach than in the observance, as evidenced by the fact that only a small number of staff are actually formally sanctioned or sacked for failure to comply.

Mobile security strategy

  • Risk analysis and risk acceptance
    Before any mobile device, access, application or service is added, it should be signed off as accepted by the Board.
  • Planning
    Planning for deployment should include security implementation or overt acceptance of the risk.
  • Embedding security
    Security needs to be deployed with the solution, not post event.
  • Policies
    Policies need to be clearly enunciated, not just contained in a policy document.
  • Processes
    Processes need to be clear, as do consequences.
  • Education and staff involvement
    Staff education is essential and should be 'education', not just a list of things staff can't do. If employees don't understand why they need to secure their own mobile devices or wireless connections, they certainly aren't going to be overly concerned about yours.
  • Deployment
    Deployment of mobile devices, including security elements, needs to be sold to staff i.e. get buy-in from staff that security is a key element of deployment, rather than presenting it as 'security needs to be there, so live with it.' Mobile device security and monitoring need to be introduced at the point of deployment. If this is a sign off/buy-in situation, it gets management commitment and cuts negative activities around mobile device usage.
  • Monitoring and feedback loop
    It is crucial to not only monitor, but also to be seen to be monitoring mobile security measures. High visibility and regular feedback to all staff, on both success and failure, are very important.
  • Analysis
    The Board needs to have regular reporting of the security landscape, so they are aware of the level of threat, and the levels of risk that they have accepted.
  • Forensics
    After a breach, particularly for mobile devices, organisations want to understand what has happened, what the failure was and what action they can take. Forensic tools are key to success here, such as those provided by Guidance Software.

Implementing the strategy obviously then involves the deployment of the correct tools and reporting. Clearly this also raises issue of the integration (or replacement) of existing tools with broader management and reporting solutions - but that is a topic for another day!

ENDS

About the author
Ian Kilpatrick is chairman of international value added distributor Wick Hill Group plc, specialists in market development for secure IP infrastructure solutions. Kilpatrick has been involved with the Group for more than 35 years. Wick Hill supplies organisations from enterprises to SMEs, through an extensive value-added network of accredited VARs.

Kilpatrick has an in-depth experience of IT and unified communications (UC) with a strong vision of the future. He looks at these areas from a business point-of-view and his approach reflects his philosophy that business benefits, ease-of-use and cost of ownership are key factors, rather than just technology. He has authored numerous articles and publications, as well as being a regular speaker at conferences, exhibitions and seminars. For more information about Wick Hill, please visit http://www.wickhill.com/ or www.twitter.com/wickhill

For further press information, please contact Annabelle Brown on 01326 318212, email [email protected]. For pic of Ian Kilpatrick, please contact Annabelle Brown or download from http://www.wickhill.com/company/press/pictures. For reader queries, contact Wick Hill on 01483 227600. Web http://www.wickhill.com/

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

@ThingsExpo Stories
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Archi...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...