The 5 Commandments for Mobile Security
The mobile security game moves at a breakneck pace and the rules change almost daily. In the past several weeks alone, we have witnessed serious vulnerabilities on iOS and Android that combined could affect users of over ONE BILLION devices globally. (Side note: be nice to your IT pros this week and pick up the tab on their Starbucks run; they likely have not slept much.)
These headlines underscore the need for enterprise IT to remain vigilant in the wake of an ever-changing threat landscape, but there is so much misinformation and FUD circulating that many IT leaders don’t know where to begin. If you’re looking for a great resource for evaluating mobile security, Forrester’s latest research, “Market Update: Security Remains A Key Component To Enterprise Mobile Management”, takes an objective look at the leading solutions in-market and provides timely recommendations and best practices based on research across the industry. A highly recommended read.
One question that we continue to hear often is “What do I need to do differently on mobile than what I already do for existing endpoints?” Securing mobile is VERY different, for a number of reasons related to the speed of technological advances, the constantly evolving threat from criminal and state-sponsored organizations, the collection and distribution of large volumes of data, and the simple fact that these devices don’t sit still – they roam, they leave the building, they connect to external networks, they are easily lost and stolen, and they are scanned, sniffed, hijacked and manipulated much more often than enterprise security departments dare admit.
Yet for all of these mobile security risks, there’s no Bible (yet…) for mobile security. If there were, we’re confident the following Five Commandments would not be out of place:
The 5 Commandments of Mobile Security
- Thou shall honor thy user's expectation for privacy on BYOD devices. If you don't respect their expectation of privacy, they are not going to respect your security protocols.
- Thou shall resist the temptation to focus solely on devices, and look to ways of protecting enterprise data and users. Locking down the device prevents unauthorized use, but malware, spyware and other advanced exploits don't require a passcode.
- Thou shall consider a holistic approach that includes policies for devices, data, apps and network. Remember to take heed of commandment #2.
- Thou shall revisit your mobile security strategy quarterly or face the wrath of mobile miscreants. Honor the investment you have made in your mobile security strategy by taking the time to regularly update it based on new threats, industry best practices, the expertise of your peers, and new developments in security innovation.
And last, but most importantly:
- Thy users will follow the rules if it's easier than breaking them.
One thing is abundantly clear – security remains the number one IT priority for business today, and mobile security is high on the priority scale of organizations that are mobilizing critical business workflows. Want to learn more about how to implement mobile security in your organization? Download our white paper “Mobile Security: Addressing the Evolving Threat Landscape” for expanded insight into how mobile security has evolved to meet the requirements of the mobile-focused enterprise.