For many years experts cited Web security as...
Are You Barking Up the Right Tree?The fact that enterprise mobility poses significant security challenges is unquestionable. However, there is a lot of speculation when it comes to identifying the cause-effect of these challenges. See if you got everything right:
Cyber-criminals vs. Careless employeesIf you still think it’s hackers you should watch out for, think again. It’s the person who accesses your corporate data from an enterprise-owned or personal device daily that has the most influence over what’s happening. It’s the employee’s day-to-day decisions and actions that pre-define how protected or vulnerable your data is and will be in the long run. Employees are most likely to take the path of least resistance in leveraging mobile devices for business purposes, which may lead to unsafe computing practices. Today, careless employees pose a much bigger threat to corporate security than cyber-criminals. “Secure is as secure does” might become a good new rule of thumb for mobile corporate environment.
Malware vs. Unclear Corporate PoliciesBy default, malware and corporate data loss are two biggest nightmares of any IT Department Head when it comes to enterprise mobile security. Lack of properly articulated corporate policies is not considered by most companies to be a security risk of itself. However, recent reports prove it to be the number one reason for major security risks. Management is often lenient when it comes to employee’s choice of devices and apps, since they are proved to boost productivity. As a result, the situation gets out of control and becomes hazardous long before any malware attack occurs. A lot of companies falsely assume that not having a clear bring your own device security policy keeps them out of the problem altogether. Yet, this should be the first step towards improving overall security of corporate data. Once articulated, those policies should then be enforced properly across the company, so that no employee regards them as optional.
Security vs. ProductivityCompanies who take a proactive stand in securing their data in the new mobile-driven reality tend to hit another extreme, data control totalitarianism. Implementation of control features is surely the way to secure data. Ironically enough, over-control impedes employees’ productivity, which is the primary reason for mobile enterprise solutions to exist.
MDM vs. Human FactorsMobile Device Management is perceived by many executives as a silver bullet for corporate security. Modern MDM solutions are advanced enough to provide protection in most tricky situations, from security of mobile applications to cloud transfers and network security. So, in case a mobile device is stolen or lost, data stored on it can be wiped as soon as it is reported missing. What these solutions are not able to control, though, is human factors. Employees aware that a lost device is doomed to be wiped tend to delay reporting, because the idea of losing photos from Caribbean holidays is more unbearable than the idea of an annual report getting into competitors’ hands. Thus, when designing mobile device security policies, meditate on how and when data can be wiped automatically from mobile devices. For example, delete all contents after several failed login attempts, or in case the device wasn’t connected to corporate network within a specified time frame.
Proved Solutions to Embrace the ChaosRecently, companies have been actively evaluating their corporate mobile security options and trying their best to come up with robust mobility strategies. So by now, you have quite a few choices to opt for. Study what’s out there and choose what best suits your company’s needs (or which acronym appeals to you more):
- BYOD (Bring Your Own Device) allows employees to use personal mobile devices for work. The strategy has been gaining a lot of attention recently, especially by smaller businesses. It is advantageous in a number of ways: it decreases costs, increases productivity, solves the learning curve issue, since employees are already familiar with their phones, and take the initiative to update them themselves to enjoy cutting-edge technologies. As a result, happier employees and, sadly enough, a Pandora’s box of security issues to be tackled.
- CYOD (Choose Your Own Device) is a step forward in an attempt to regain control over corporate data security. This option presents workers with a limited number of personal devices to choose from for professional use. It keeps a certain amount of freedom on the employee’s side of the playfield, while allowing for more control from the company. As a result, increased overall and mobile application security. The drawback is high costs. The strategy only makes sense when the choices are kept updated, which is hard since major manufacturers launch new mobile products annually.
- COPE (Company-Issued Personal Enabled) This strategy removes the differences between devices because every employee has the same one. The downturn to COPE is privacy concerns, as IT is enabled to see any personal data inside the phone. And hey, people already have enough devices to be torn between.