Enterprise Mobility: Security Risk or Worth It?
For the first time in computing history the enterprise is being influenced by its employees and consumers technology through IT consumerization. IT consumerization is the blending of personal and business use of technology devices and applications. Many companies have embraced a mobile-first strategy. But when employees are left to their own devices, InfoSec experts face unchartered territory. However, enterprise mobility can be and is in my opinion is absolutely a strategy enterprises cannot continue to ignore.The trend towards enterprise mobility can indeed add to concerns over BYOD (bring your own device) security. And even though such systems are key to business operations, they’re not regularly maintained or tested for vulnerabilities, mainly due to availability concerns.
Enterprise mobility really is a double-edged sword: it helps provide broad data access along with communication capabilities for a great deal of the workforce, often at little to no direct cost. It also aids in opening up security issues that can range from vulnerable apps to security issues and employees accessing sensitive corporate data via unsecured networks.
Many CISOs and CIOs tend to realize that while security technologies and mobile device management do play a role, clear policies are essential to harnessing the benefits of BYOD. The aim of such policies needs to be to increase user productivity and satisfaction while ensuring compliance and the utmost security.
It Is A Risk Worth Taking
So where do you start building a mobile security policy? Simple: start with what makes you uncomfortable. Devices need to meet “trusted device standards” in order to comply and employees should use VPN clients to gain access to the company network. What’s more, employee-owned devices should support security policies and frameworks that keep enterprise data secure at rest and in transit.The trend towards enterprise mobility with critical systems and data can add to the concerns over BYOD security. While some security policies are indeed standard procedure, you need to identify which functions, data and applications need protection most in order to understand how enterprise mobility could expose them. Some companies, such as Cisco and Oracle, use MDM (mobile device management) and MAM (mobile application management) to do application installs / removals, containerization and encryption of enterprise data, and in some cases remote wipe for loss prevention.
BYOD does bring many benefits when it comes to empowering your staff with timely information, offering flexibility and increasing productivity. Enterprise mobility also have many customer benefits such as improving consumer loyalty, streamlining customer support process and reducing support costs. The benefits far outweigh the risks, but every company has unique situations and that’s where BYOD security technologies and policies should be focused.
Take the First Step
Enterprise mobility necessitates partnership with business leader involvement coupled with the understanding that not all risks are bad. The first step should be to establish a committee of business and tech leaders to identify the data and critical systems that should be considered when formulating the BYOD policy. The next step should be to review policy and technical controls based on potential risks and threats to your current operations.Based on this sort of analysis, security officers and CIOs will be able to determine how to enhance and enable their enterprise mobility programs to moderate business risks.
Learn more about Oracle’s Enterprise Mobility Management (EMM)
Looking for a partner to help your enterprise mobility needs, check out OpenArc.
