Welcome!

Agile Computing Authors: Liz McMillan, Zakia Bouachraoui, Yeshim Deniz, Elizabeth White, Pat Romanski

Blog Feed Post

Mobile device security - tackling the risks

Ian Kilpatrick, chairman Wick Hill Group, specialists in secure IP infrastructure solutions, looks at the risks involved with mobile devices and how to secure them.

Mobile devices with their large data capacities, always on capabilities, and global communications access, can represent both a business applications' dream and a business risk nightmare.

For those in the security industry, the focus is mainly on deploying "solutions" to provide protection. However, we are now at one of those key points of change which happen perhaps once in a generation, and that demand a new way of looking at things.

The convergence of communications, mobile devices and applications, high speed wireless, and cloud access at a personal level, are driving functionality demands on businesses at too fast a rate for many organisations.

While for some, "lockdown" is an appropriate solution to this burgeoning situation, for others, the legitimate business benefits mean they must learn to live with it and try their best to make it work securely.

These demands, coupled with user skills and experience of deploying mobile devices at home, mean that even organisations on "lockdown" can have challenging times dealing with staff "guerrilla" deployments.

Clearly, part of the solution is deploying the right tools to both minimise and report on the risks (e.g. mobile device management, tracking and RF management, authentication, encryption, and behaviour management - as well as basic security measures on mobile devices). Solutions are available from a variety of suppliers, including Kaspersky Lab, WatchGuard, Check Point, SafeNet, Becrypt, VASCO and Allot.

However, a much larger and more important component is actually changing the way that we interact with the problem.

Currently, many organisations see dealing with these unprecedented risks as a challenge for the IT security team, whose role is to protect the organisation.

Traditionally, that was a good working model. However, in the new environment, with immense pressure for fast change and fast deployment of new applications, it is not possible for most IT security teams to carry the responsibility of securing the whole business and every user singlehandedly.

Security needs to be the responsibility of every individual user, every manager and every member of the Board. However, this is more typically honoured in the breach than in the observance, as evidenced by the fact that only a small number of staff are actually formally sanctioned or sacked for failure to comply.

Mobile security strategy

  • Risk analysis and risk acceptance
    Before any mobile device, access, application or service is added, it should be signed off as accepted by the Board.
  • Planning
    Planning for deployment should include security implementation or overt acceptance of the risk.
  • Embedding security
    Security needs to be deployed with the solution, not post event.
  • Policies
    Policies need to be clearly enunciated, not just contained in a policy document.
  • Processes
    Processes need to be clear, as do consequences.
  • Education and staff involvement
    Staff education is essential and should be 'education', not just a list of things staff can't do. If employees don't understand why they need to secure their own mobile devices or wireless connections, they certainly aren't going to be overly concerned about yours.
  • Deployment
    Deployment of mobile devices, including security elements, needs to be sold to staff i.e. get buy-in from staff that security is a key element of deployment, rather than presenting it as 'security needs to be there, so live with it.' Mobile device security and monitoring need to be introduced at the point of deployment. If this is a sign off/buy-in situation, it gets management commitment and cuts negative activities around mobile device usage.
  • Monitoring and feedback loop
    It is crucial to not only monitor, but also to be seen to be monitoring mobile security measures. High visibility and regular feedback to all staff, on both success and failure, are very important.
  • Analysis
    The Board needs to have regular reporting of the security landscape, so they are aware of the level of threat, and the levels of risk that they have accepted.
  • Forensics
    After a breach, particularly for mobile devices, organisations want to understand what has happened, what the failure was and what action they can take. Forensic tools are key to success here, such as those provided by Guidance Software.

Implementing the strategy obviously then involves the deployment of the correct tools and reporting. Clearly this also raises issue of the integration (or replacement) of existing tools with broader management and reporting solutions - but that is a topic for another day!

ENDS

About the author
Ian Kilpatrick is chairman of international value added distributor Wick Hill Group plc, specialists in market development for secure IP infrastructure solutions. Kilpatrick has been involved with the Group for more than 35 years. Wick Hill supplies organisations from enterprises to SMEs, through an extensive value-added network of accredited VARs.

Kilpatrick has an in-depth experience of IT and unified communications (UC) with a strong vision of the future. He looks at these areas from a business point-of-view and his approach reflects his philosophy that business benefits, ease-of-use and cost of ownership are key factors, rather than just technology. He has authored numerous articles and publications, as well as being a regular speaker at conferences, exhibitions and seminars. For more information about Wick Hill, please visit http://www.wickhill.com/ or www.twitter.com/wickhill

For further press information, please contact Annabelle Brown on 01326 318212, email [email protected]. For pic of Ian Kilpatrick, please contact Annabelle Brown or download from http://www.wickhill.com/company/press/pictures. For reader queries, contact Wick Hill on 01483 227600. Web http://www.wickhill.com/

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

IoT & Smart Cities Stories
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...