In a post on ReadWriteEnterprise, guest author Vijay Dheap, Mobile Security Strategist at IBM, outlines how organizations can effectively implement a mobile risk management strategy. Below is an excerpt of the post, but for the full version please read: The Mobile Enterprise: 4 Steps To Keeping It Secure [Infographic]
Security is a balancing act, especially when it comes to emerging technologies that promise to unlock massive business potential. Each new wave of change requires an enterprise to adapt its security posture, or risk being left behind – or exposed to unmanaged risk.
Mobile is no different.
Given the dynamic nature of the mobile market (see mobile stats in the infographic below), it can be difficult for an enterprise to define a mobile risk management strategy. Organizational inertia alone can lead to increased risk. One approach is to concentrate on four focus areas of mobile security:
1. BYOD, or Bring Your Own Device. BYOD policies should reflect the organization’s risk appetite based on its industry, regulations and culture. Policies can modulate the degree of device choice and which employees participate. Of course, before it can enforce its BYOD policies, an organization needs to gain visibility and control over these new devices.
2. Protected Access. Mobile devices empower employees to access relevant information whenever they need it. No matter how much enterprise data is stored on the device, users will frequently need to access additional enterprise data and resources. The enterprise must not only establish secure connectivity channels but also manage risk associated with user authentication and authorization. Given that mobile access typically takes place predominantly outside enterprise boundaries, special care is needed to prevent unauthorized access and reduce risky behaviors.
3. Secure Mobile Solutions. Apps have emerged as the primary interface for delivering mobile solutions to consumers, partners and employees. External mobile app developers – who are generally not particularly security aware – need tools and processes that help them bake in the enterprise’s security standards and best practices. And the enterprise must also enforce a baseline of security standards across the entire range of mobile solutions it develops.
4. Mobile security through risk management. As mobile adoption accelerates, it becomes a richer target for attackers targeting individuals or organizations. To identify risks and take appropriate mitigation steps, enterprises need to gather intelligence across all the touchpoints of mobile engagements. Intelligence gathering should include aggregating security events from the device, users, apps and the network for analysis – including tracking compliance with existing risk management policies.