Aug 27 2014

How to Deal with Mobile Insecurity

App management and user training are key building blocks to an effective security strategy.

Mobile technology is still in its infancy, and use cases for mobile in the enterprise are constantly evolving. However, security threats are evolving too. As employees find more ways to connect and share data, more cracks in the mobile enterprise armor are exposed. Mobile security is anything but fix-it-and-forget-it; businesses have to keep up if they want to keep safe.

Many IT administrators still think requiring a password and the ability to remotely wipe devices — features traditionally delivered as mobile device management — constitute adequate security. But the security threats that mobile devices face have moved far beyond the protection level of traditional MDM. Now, an effective mobile security strategy must include mobile application management and thorough user training.

Threats at the App Level

Mobile apps provide a new vector for risk: their ease of installation greatly increases the number of doors through which malware can enter the enterprise. Mobile app stores go a long way to help prevent malware, but they cannot provide bulletproof protection. The Apple and Google app stores perform some level of security and compliance verification. However, users are still free to download and install apps from unknown sources.

Another security hole comes from the data that mobile apps may access during normal operation. Many apps use data that resides on a device, such as contact information, as part of legitimate functionality. But when keeping client contact information confidential is of utmost importance to the organization, access to this data could be considered a major privacy violation.

The Inside Threat

The most dire threat, however, comes from an organization’s own end users. The data breaches that these users perpetrate usually are innocent intrusions done in the name of productivity, but they can have damaging and far-reaching effects.

Email is the most obvious path for sharing company data. To address this threat, IT administrators can limit the size of email messages. But users are savvy enough to look for other places to push larger files, such as Box and Dropbox. These cloud-based file-sharing services are also squarely outside the corporate firewall and control. Once this data has left the enterprise network, it is almost impossible to get it back — or even to know where it has gone or who has seen it.

Getting Off to a Good, Secure Start

With the amount of control in end-users’ hands, it is easy to see why mobility in the enterprise pushes IT administrators well beyond their comfort zone for network security.

First and foremost, a successful mobile strategy starts with the right attitude. IT administrators have to see end users as part of the solution, not the problem. Employees and the apps they use are the new front lines of the enterprise network.

IT managers have to guide not only the technology but also the user base. User education is an important element of security. The IT department should explain to users why certain actions are more secure than others. The IT staff can deliver this information via email, mobile policy documents or education sessions such as learning lunches.

To help manage mobile apps, IT administrators can use mobile application management solutions, which consist of several key components. An enterprise app store for managing app deployments and blacklisting, licensing and updating apps is essential to any MAM solution. MAM also should allow the IT department to control specific features of apps.

Many MAM solutions provide a secure method of sharing company data and files that can be managed through the entire lifecycle. Finally, an effective MAM solution should allow an IT administrator to apply policy to mobile usage, such as allowing or denying specific app features.

A word of caution: Even though MAM solutions give IT staff the ability to restrict apps and capabilities, admins should be careful to not clamp down too tightly. Many IT administrators tend to overreact when it comes to mobile security, which could backfire with users who may find alternate avenues to get around restrictions. A better strategy is for IT administrators to cooperate with end users to create scenarios that help them get their jobs done.

An educated workforce that has been provided with a flexible MAM solution generally is willing to work with IT staff. Helping employees develop secure mobile habits with the assistance of MAM will be a company’s best line of defense in an ever-evolving mobile landscape.

