Business today demands access to data on the go, and the Internet of Everything is catching up fast; both are areas of concern for the keepers of cyber security. Usage of mobile devices has risen, and tablets are only extending the purview of handheld devices. Many enterprises see benefits in mobile access, as it helps keep the system on the go. However, inadequate control over mobile devices may end in a business nightmare.
One user and many devices – mobile, laptop, desktop, tablet.
When mobile devices are permitted for official use, it becomes the responsibility of both the device users and the enterprise to ensure that the devices do not leak sensitive corporate information.
Listed below are the situations that expose businesses to security risks when mobile devices are not adequately controlled:
- It is imperative to bring in controls over mobile IT access. Since mobile devices are not password protected, inadequate control over lost and stolen devices can leak sensitive information, because such devices lack an authentication mechanism. Unauthorized techniques such as ‘jailbreaking’ or ‘rooting’ allow an unauthorized user to gain access to the operating system of a device so as to permit the installation of unauthorized software functions and applications and/or to not be tied to a particular wireless carrier. It is crucial to enforce the corporate mobile policy on all users. The policy must include reporting a lost device, keeping the device password locked and exercising caution while downloading applications for personal use.
- Mobile devices do not come with default security software to protect against malicious attacks and downloads. Businesses must ensure that all mobile-based or mobile-synced apps are secured with enterprise-ready security patterns. Since real people fall prey to rogue apps and malware, defining the limit of access on mobile devices can keep the damage to a minimum.
- Mobile access exponentially increases the number of devices to be managed. This challenge is exacerbated by poor separation of information access for work and personal use, of the management of data at rest and information in transit, and of work apps and personal apps. Monitoring the entire mobile fleet is difficult, as it is expected to strike a balance between compliance and flexibility in meeting the access needs of all users. It includes integration of business applications, single sign-on functionality, creation of an in-house app store, white-listing the right set of applications, etc.
- Limiting internet connections through firewalls on mobile devices is a far cry. A secure IT ecosystem connects devices to a secured wide area network, as a device communicates through ports to connect with other devices and the Internet. With non-secured access, a hacker could access the mobile device. Moreover, non-encrypted data transmitted and/or received may pose a threat. For example, when an application transmits data over an unencrypted network using HTTP rather than HTTPS, the data can be intercepted.
- Unlike traditional web-based browsers, mobile browsers rarely get notified of updates. To discourage hackers from exploiting vulnerabilities associated with an out-of-date system, it is important to keep the system updated. The need for creating an indigenous security framework is all the more important, as security patches for third-party applications might not fulfill the strategic needs of the business.
Allowing access on mobile devices is good, but being lazy about enforcing control makes it a cut-to-the-chase game. More and more enterprises are holding on to sensitive data that is passed on to users who are authorized to gain access, and that could include access via mobile devices. Almost every information security professional understands the mission-critical aim of achieving mobile security; however, getting a grip on it can pose a challenge. It is recommended to start as soon as you can to ensure better control over mobile devices.