Mobile security challenges have long plagued the enterprise, but nowadays, IT has more options for tackling the most prevalent issues. Beyond traditional mobile device management , there are plenty of other mobile security systems that give IT admins granular control to better protect devices and their data.
In the early days of enterprise mobility, the most common security concerns involved wireless networks and encryption of data at rest. Those same risks are still present and valid, but today's mobile security challenges have grown to be much more complex. Now, there are myriad security-related challenges in mobile computing that affect each and every business in untold ways, including the following:
- balancing the protection of business information and user privacy;
- meeting regulatory requirements for mobile data storage and retention;
- unencrypted communication sessions, input validation flaws and forensic artifacts left behind and exposed to other apps and users;
- configuration and security evaluations -- e.g., audits, penetration testing and code analyses -- necessary to meet certain minimum compliance or contractual requirements;
- risk of malware;
- file sharing and collaboration;
- integration with cloud services; and
- enforcing passwords, critical software updates, and related policies and standards across multiple mobile platforms.
IT must navigate plenty of mobile security challenges. The big question is, how? Should IT shops move beyond traditional mobile device management (MDM) to enterprise mobility management (EMM), or the more recent unified endpoint management (UEM), to further enhance their overall mobile security systems?
Tools for the security toolbox
The following are technologies that enterprises both large and small have access to, and they can all help ensure that mobile computing adds to rather than takes away from the organization's overall information security strategy.
IT can use MDM to control the physical asset. IT needs and security risks have evolved past the device, but MDM still remains a core function of managing a mobile environment. Mobile application management (MAM), meanwhile, controls how apps interact with each other and with corporate data. The more apps become available for both personal and business consumption, the greater the attack surface and potential there is for vulnerability exploitation.
IT may also use identity and access management for assimilating and managing users. This process happens just like it does on traditional enterprise computers and applications: before, during and after a user's employment. For some users, mobile is the only form of computer and system access, so IT must properly oversee the identity management process.
Threat intelligence and analytics provides contextual insight into what's taking place on mobile devices, which could include artificial intelligence technology that automatically detects and mitigates threats, either directly on mobile devices or in conjunction with existing enterprise security controls.
IT may also install patches and updates to ensure that systems are running on stable, supported and secure versions of apps and OSes. Although patch-related security risks are not as prevalent on mobile as they are on traditional desktop systems -- especially those running third-party software such as Java and Adobe -- the risk exists and will likely grow as enterprises become more dependent on mobile platforms.
Also necessary is secure web browsing for protecting users, mobile devices and the information stored on them from online threats, which can include better malware protection as well as a containerized storage area that separates work and personal usage.
In that vein, secure collaboration and file sharing comes in handy for supporting this core function of mobile and ensuring users are meeting corporate mobile device security policy and compliance requirements. IT can control these features in UEM or through EMM tools as part of an enterprise file-sharing and synchronization system.
Demonstrate your understanding of mobile security threats
Do you know what it takes to provide mobile security? Take this quiz that covers differences in mobile OSes, containerization, data encryption and more.
Lastly, IT may reach for e-discovery and forensics analysis for supporting network events (incidents) and confirmed breaches. Ongoing business legal activities involving investigations and holds are common, especially in larger organizations.
Many of the latest mobile security options integrate with existing technologies such as Active Directory, security information and event management, virtual private networks and more. In certain cases, they even extend out beyond traditional mobile devices and cover wearable and internet of things devices as well.
The evolution and management of mobile computing is a complex and difficult endeavor. Over the years, standalone mobile security systems have evolved into MDM, then EMM and now UEM. But many of the risks and exploits that occur on traditional desktop computers today will affect mobile systems more and more down the line. What will IT do, then? At a minimum, IT shops must follow existing incident response procedures.
Still, is your business ready to face today's mobile security issues? What does IT need to tweak in terms of mobile-related technologies and procedures? The next reasonable step is likely to perform a mobile security risk analysis to determine where you can get better. Better to start thinking about it today than trying to wing it when the going gets rough.
Are all businesses on board with mobile security?
Mobile app assessments super-charge security
MDM and compliance go hand in hand for security