Security plays an important role in the success of mobility implementations worldwide. We assume security threats are always present; however, it’s not always apparent where threats may arise from. Being aware of these potential risk areas is crucial.
Since mobility solutions offer users the ability to use devices on a range of networks and in a wide array of places, threats may come in unsuspected ways, or be inadvertently introduced into your enterprise’s network. For example, one recent study reveals that 80 percent of corporate security professionals and IT leaders recognize that “end user carelessness” constitutes the biggest security threat to an organization.
In addition, information from the Cisco 2014 Annual Security Report sheds light on the persistent security attacks that enterprises face. From hackers to malware, it’s clear that security threats arise from unexpected places.
Given this knowledge, business decision-makers must gain insight into where these breaches are occurring. They should also understand why it is important for them to care, and how they can be aided by technical decision-makers to solve these issues moving forward. In this post I’ll discuss the where, the why and the how of embracing a secure approach to enterprise mobility and what it means for business leaders.
Where are security threats?
Today’s organizations are facing a greater attack surface as advanced mobile devices and public cloud services foster new attack models and increasing complexity within networks. There is a growing abundance of Internet-enabled devices (smartphones, tablets, wearables, sensors, cars, refrigerators, etc.) trying to connect to applications that could be running anywhere, including a public software-as-a-service (SaaS) cloud, a private cloud, or a hybrid cloud. In short, this any-to-any infrastructure, where any device in any location may be coming over any instantiation of the network, is changing the way we need to approach security and risk mitigation.
To cover the entire attack continuum, organizations need to address a broad range of attack vectors with solutions that operate everywhere the threat can manifest itself: on the network, on traditional endpoints, on mobile devices, and in virtual environments.
How can threats be thwarted?
The best approach is a proactive one, rather than a reactive one, especially when many organizations may not know when they are under attack. Business leaders must work with IT teams to institute a formal program for managing mobile devices and to ensure that any device is secure before it can access the network. Inside Cisco, we call this our Trusted Devices approach.
Many organizations unknowingly create the potential for a security threat if an employee’s device is lost or stolen and not secured. Attackers can access intellectual property and other sensitive data through these lost and unsecured devices. At the very least, every IT organization should enforce a personal identification number (PIN) and an automatic timeout lock, and have the ability to remotely wipe a device if it is lost or stolen. Encryption is also highly recommended as it helps to secure data at rest. Finally, choosing and enforcing minimum operating system (OS) versions helps to limit exposure to known exploits.
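The baseline above can be expressed as an admission check that runs before a device is allowed onto the network. The following is an added example, not code from the original post or from any Cisco product; the Device fields, the 300-second lock limit and the minimum OS versions are assumptions chosen for illustration, since the post names the controls but gives no values.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy values (not from the post).
MAX_LOCK_TIMEOUT_S = 300
MIN_OS = {"ios": (7, 1), "android": (4, 4)}

@dataclass
class Device:
    platform: str
    os_version: str
    pin_set: Optional[bool] = None        # None = attribute not reported
    lock_timeout_s: Optional[int] = None  # None or 0 = never auto-locks
    remote_wipe: Optional[bool] = None
    encrypted: Optional[bool] = None

def parse_version(text):
    """'7.1.2' -> (7, 1, 2). Returns None for anything non-numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (ValueError, AttributeError):
        return None

def posture_failures(dev):
    """Return the unmet controls. Unreported attributes fail closed."""
    failures = []
    if dev.pin_set is not True:
        failures.append("pin")
    if dev.lock_timeout_s is None or not 0 < dev.lock_timeout_s <= MAX_LOCK_TIMEOUT_S:
        failures.append("auto_lock")
    if dev.remote_wipe is not True:
        failures.append("remote_wipe")
    if dev.encrypted is not True:
        failures.append("encryption")
    minimum = MIN_OS.get(dev.platform.lower())
    version = parse_version(dev.os_version)
    # Compare as integer tuples: as strings, "10.0" would sort below "7.1".
    if minimum is None or version is None or version < minimum:
        failures.append("os_version")
    return failures

def admit(dev):
    """A device is admitted only when every control is met."""
    return not posture_failures(dev)

# Constructed sample inventory.
INVENTORY = [
    Device("iOS", "7.1.2", True, 120, True, True),
    Device("android", "10.0", True, 60, True, True),
    Device("ios", "7.0.6", True, 120, True, False),
    Device("android", "4.4"),  # agent reported nothing beyond the OS
]
```

A device that does not report an attribute is treated the same as one that fails it, so an unmanaged or partially enrolled device is never admitted by default.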
Why does a balanced approach to mobile security matter?
In a recent blog post, I discussed the need for organizations to deploy a balanced approach to mobile security. This approach should focus more on protecting the network and proprietary data and less on implementing overly broad restrictions. IT needs to approach security with a user experience mentality. After all, if you overly manage devices, your adoption will be low and so will your return on investment (ROI). This approach can lead to greater opportunities to align threat intelligence and security best practices.
All organizations should be concerned about finding the right balance of trust, transparency, and privacy because much is at stake.
To learn more about this balanced approach to mobile security, check out the new interactive asset, Navigating Security Threats in a Mobile World. The asset provides a unique point-of-view from business perspectives about emerging mobile threats, as well as technical perspectives for partnership. Most importantly, it shows how the two teams can work together to make informed security decisions and better realize the benefits of the future of mobility.
This is why a company like BlackBerry will remain valid. Too many iPhone and Android hacks… Corporate security should be one of the highest priorities in the enterprise. Surprised Cisco hasn’t partnered with a company like this before on mobile security – or maybe it has…
Hi Scott,
We partner with several different companies to deliver a holistic mobile security offering. Our Identity Services Engine product integrates with all of the popular MDM solutions (MobileIron, Airwatch, Citrix, etc.). Our Meraki group has a free MDM for small and medium business. We also offer solutions like FireAMP for Android that tracks and prevents malware on Android.
I agree that BlackBerry is one option to solve this. Apple’s built-in security in iOS 7.1 is quite advanced. Android has come a long way, and OEMs like Samsung and Cisco have added better security on top of the OS itself.
As a computer professional, mainframe, these security “soft spots” concern but do not surprise me. I have been thinking about these inevitabilities for a good while.
All of the security warnings, cautions and the advice offered are valid and, in my opinion, necessary. One additional possible solution is mandatory virus/malware protection for ANY device that accesses the “Internet” in any way. These sorts of apps may or may not exist…they may have to be created. In any case, it promises, going forward, to be an enterprising business for some corporation. Seems to be an idea whose time has come.