With mobile device management becoming a top priority for enterprise IT directors around the world, technology experts are attempting to identify potential vulnerabilities and responses that may redefine mobile security in the coming years.
By all accounts, the consumerization of IT has firmly established its presence within the business community. As the line between consumer device and business tool become increasingly blurred, company data loss is becoming a prime concern. To stay ahead of the curve and weather the storm of mobile security threats, InformationWeek contributor Rob Lemos suggests keeping an eye on two major areas that can impact mobile security – application markets and file syncing and transfer services.
Considering application stores and marketplaces are often the sole distribution point for mobile productivity tools, data protection relies heavily on the security of these platforms.
“Because we are dealing with the age of the app Internet, it is really easy to download on an impulse any app that you want, and that can be dangerous,” security expert Andrew Jaquith told the news outlet.
In an effort to regulate the distribution channel, Lemos believes that companies will start taking a harder look at application review processes. This may mean asking tougher questions of those currently vetting popular application markets, or it may also mean developing proprietary app stores for companies with adequate technical resources. IBM has already created its own store in an effort to limit the potential for irresponsible downloading by employees.
Along with application security, file syncing and cloud services may present several security challenges, according to Lemos. Mobile devices bring undeniable productivity benefits to a company’s workforce, but the relative youth of the underlying technology has translated to a rash of data breaches. With information constantly moving between devices and host storage sites, data can be lost or intercepted in transit.
Earlier this year, popular online data host Dropbox made headlines with an unfortunate lapse in privacy protection. A system bug temporarily allowed open access to user accounts.
“A very small number of users logged in during that period, some of whom could have logged into an account without the correct password,” noted Dropbox officials in a company blog post.
To address these concerns, companies may be tempted to deploy a virtual private network to govern mobile devices. However, Lemos suggests that this approach may backfire. Although encrypted communication on a centrally managed platform is generally a good idea, consumer mobile devices may still be bringing data security threats to the environment in the form of infected applications.
The threats presented by mobile devices are growing in volume and complexity everyday. To respond to these challenges, security analyst Sian John recently suggested in a Computer Business Review post that it is time these devices be treated with the same gravity as desktops and servers.
According to John, the first layer in an effective defense strategy should be mobile security software. Although it may sound obvious, companies, and especially consumers, have been slow to observe this precaution. By covering all endpoints with a strong security base, network administrators will be better prepared to deal with more advanced threats.
Centralized mobile device management may also be an appropriate strategy. Policies and practices will be most effective if they can be quickly applied to all network devices. According to John, access governance should be at the core of these policies. Strong password requirements and two-factor authentication will help ensure company data never reaches the wrong hands.
However, data disasters will inevitably occur. Establishing remote access capabilities may be essential for mitigating damages, according to John. Using these tactics, network administrators will be able to lock devices or wipe data in the event of loss or theft.
Data Security News from SimplySecurity.com by Trend Micro