Coping strategies to secure the mobile enterprise
- Summary:
- Oracle's Suhas Uliyar on what enterprises need to do to protect themselves from mobile security breaches.
Today’s truly mobile enterprises place mobility at their core, transforming their operations, engaging better with customers and partners and creating innovative business models that boost revenue. As gateways into the mobile enterprise, the security of devices is critical: if devices are not protected in the right way, they represent a weak link in enterprise systems and data security.
A recent Oracle survey showed that mobile devices are being lost and stolen to a fairly alarming degree – especially by the young. 73% of workers aged between 16 and 24 admitted to having lost their mobile device at least once, while 52% owned up to having had their mobile device stolen on at least one occasion. The research uncovered a generational trend: among 45-54-year-olds, device theft was reported at just 20% and losses at 36%.
The loss of mobile devices should give businesses cause for concern. Mobile enterprises are agile and productive because they enable access to a wide array of systems on the move. The worry is that if a mobile device falls into the wrong hands it could be used to access these systems for malicious reasons. Such concerns should not, however, stop businesses from moving towards mobility. It just means that they should do so in a secure way.
If the enterprise owns employee mobile devices then much of this risk can be mitigated. Businesses can lock down devices; ensuring that they are password protected and, in case of loss, sensitive information deleted remotely.
However, many workers will not use a device if it is not one they are familiar with or have helped select, especially if the usability of the device is hampered by heavy-handed security measures. The danger is that employees will instead use their personal devices for work. If the IT department does not know they are doing this, it cannot secure the device and the enterprise could be vulnerable. For a truly mobile enterprise, therefore, businesses need to arm workers with the devices they want (preferably their own).
Coping strategies
One solution to this challenge is COPE (Corporate-Owned, Personally Enabled), where the business allows employees, in collaboration with IT, to choose the devices they use for work. This brings huge productivity benefits while ensuring that IT maintains control. Alternatively, businesses may embrace BYOD where employees are allowed to use personal mobile devices for work. BYOD offers significant savings on procurement and network costs in addition to productivity benefits.
Traditionally, businesses employing a mobile strategy have mostly used mobile device management (MDM) platforms, which secure the device. The problem with MDM is that it harms the usability of mobile devices by slowing the user experience. This hinders productivity and can frustrate the user, even causing him or her to stop using the device.
A more elegant approach is therefore required. Rather than securing the device, businesses should secure the
data, applications and information that the employee accesses through it. There are three enabling technologies for this approach: mobile application management (MAM), mobile information management (MIM) and identity management.Rather than locking down the entire device, MAM extends a secure ‘container’ for application security and control to separate, protect, and wipe corporate applications and data. Importantly it does so in a way that does not interfere with usability.
While ideal for COPE deployments, MAM is particularly compelling for BYOD as it securely extends all the identity services and policies of the enterprise user to their personal mobile device. For the employer this solution is ideal. Employees can lose their phones without putting corporate data at risk. Meanwhile, MAM reassures employees that employers can’t see any of their personal information.
Of course, while lost mobile devices represent a key security threat, it is not the only one. For example, data might be intercepted wirelessly through data leakages or breaches, regardless of whether the employee has physical possession of the device or not.
In these cases Mobile Information Management (MIM) will play an important role. MIM secures data at the document level. The user accesses the document through the application in the usual way but requires access permission to actually view the document, allowing businesses to secure crucial data at a granular level.
A final consideration for device and data security is identity fraud, as this is an easy way for criminals to access a victim’s professional services. Identity management is therefore a vital component of a mobile strategy and integrating step-up, multi factor authentication and authorization with mobile security policies is critical.
Mobile devices will get lost; they will get broken; and they will get stolen. But this is no reason for businesses not to embrace their use – the benefits of mobility can easily be enjoyed securely.