DOC RABE Media - Fotolia
There is a lot of hype around mobile data security threats, so IT admins need to weed out the risks and determine what it really takes to protect corporate data on mobile devices.
Once devices can access corporate applications and data, they become an immediate threat to security. Employees can easily lose mobile devices. Passcodes aren't foolproof, and many users don't even bother with one in the first place.
Mobile vendors continue to increase the security of both hardware (by improving microprocessors, sensors and biometrics) and software (by adding security capabilities to operating systems, browsers and email clients). Still, there are plenty of security challenges to deal with when valuable corporate data crosses the network to the Web or the cloud. So, what are the most salient mobile data security threats, and which can IT admins worry about less?
There are a few areas where the hype around mobile data security is very real. For instance, there are many potential attack surfaces that IT needs to protect -- Bluetooth, NFC, Wi-Fi, GPS, to name a few. Organizations are especially vulnerable to data leakage when employees use unauthorized personal file sharing services such as Google Drive or Dropbox for work purposes.
Other mobile data security threats, such as device loss, use of unapproved mobile applications and lack of password protection, continue to grow as well. They are some of the key contributors to data loss. The portable nature of mobile devices makes them vulnerable to theft, making it critical for IT to be able to remotely lock down and wipe them.
BYOD in particular can make it difficult for IT admins to or perform a data wipe or restrict employees' access to certain corporate data; users own the device, so organizations need to determine what admins can legally do. Without thorough policies in place, IT may not be able to take the necessary steps to secure corporate data on employee-owned devices.
But other security measures are less crucial. Mobile devices are certainly vulnerable to malware and viruses, but with each successive OS release, device manufacturers expand their exploit mitigation features. Handset OEMs have also added capabilities that can prevent exploited software from doing further damage to a device, such as the ability to prevent modified OSes from booting, kernel integrity monitoring and more robust sandboxing and containerization mechanisms.
Security best practices
- Pre-determine the device types and OSes IT will allow, based on IT staff expertise.
- Scrutinize the data that devices can access. Create a protocol to protect that data that includes authenticating the user, encrypting the data and banning backups.
- Enforce stringent security practices such as passcode requirements and antivirus applications.
- Create data protection policies such as prohibiting apps that read data from the device or apps that transmit data to cloud.
There is inevitable hype around mobile data security threats with each high-profile security breach that occurs, but it is important to note that virtually none of those breaches are related to mobile devices. Despite the aforementioned hardware and software security elements, neither an ideal hardware configuration nor one type of network protection can reliably catch all threats. Investing in IT staff with mobile-first security expertise is important, as is implementing the appropriate infrastructure to enable secure remote access to pre-existing data stores and application platforms.
This article originally appeared in the March issue of the Modern Mobility e-zine.
Learn about the top three mobile security threats.
Use this handy guide to understand mobile data protection.
Take this quiz on mobile data security.