Mobility x Security
By Daniel Sobral, CSO, JBS USA
Mobile devices, such as tablets, smartphones and cell phones, have become increasingly popular and everyday become more embedded in people’s day-to-day lives. They are able to perform most of the actions taken on computers and notebooks, as Web browsing, Internet banking and access to email and social networks.
“It is important to implement solutions that analyze content integrating web, email and data security to prevent general and targeted attacks”
According to an IDC report, with each day more consumers are using their mobile devices as their main access point to internet, migrating from the old PC based system. The prediction is that in 2015, for the first time in history, the number of North-Americans consumers that use these devices will be bigger than consumers that use computers.
The research indicates that in 2012, only in the USA, 240 million people accessed the internet through personal computers and until 2016 this number should be reduced to 225 million. In this same period, the amount of mobile devices will increase from 174 to 265 million.
The expansion of mobile usage keep bringing a new business view to companies and create many opportunities to explore this trend with mobile applications development. This is done through exploration of the sales process, facilitation of customer service, obtaining competitive advantages and aggregating more value to products.
Although, just like a computer or a laptop, mobile devices can also be used for malicious practice activities by criminals, such as data theft, spamming, spreading malicious code and internet attacks.
The major goal of an attack to mobile devices is to obtain the content of emails, confidential files, SMS text message or MMS, contact lists, calendars, call history, pictures, videos, credit card numbers and passwords which tend to be stored in such devices.
The usage of mobile devices in corporate environment to access internal data through corporate network, or by internet, has become a constant concern to information security professionals when providing the protection needed to devices used by employees.
The biggest challenge for information security professionals is to supply the protection needed without losing the advantages of mobile devices, creating innumerous barriers that make harder to explorer the innumerous gains these technologies provide.
What to do in order to achieve the security needed without losing the competitive advantages this technology provides?
Some points should be considered when talking about mobile devices management: security policy, security tools, device’s installation and provisioning, remote maintenance and user awareness.
The first step is to make a risk analysis to identify all risks related to the mobile devices inside the company, and based on the analysis result, define security policies specific to mobile devices.
Each company has specific needs which should be met by these security policies, and on its mobility strategy, combine different functions for an effective management, such as: restrict content, calls or messages, install security tools (anti-malware, encryption, application monitoring) on all devices, secure access to company information using SSL connections and restrictions on synchronization and data transfer.
It is also important to identify who can access corporate network and data, always moving toward the corporate security policy and the authorization levels provided to employees, without preventing them from adopting the mobile devices in their daily routine.
Therefore, the company guarantees the mobility resource delivery allied to the maintenance of security level of the environment. You also need to identify the devices outside the corporate network (owned by the employees) and include them in the management strategy.
Providing mobility and agility to users via mobile devices must comply with certain assumptions. First, is to put the capabilities of personal electronic devices to good use in the workplace, protect sensitive data and the devices themselves, especially smartphones and tablets. Another one is to establish and follow corporate policies for network protection, corporate information and employees. Finally, ensure traceability to private and corporate data that is transferred to and from mobile devices.
It is important to implement solutions that analyze content integrating web, email and data security to prevent general and targeted attacks. Provide devices for safe access and enable centralized monitoring and provides tools that facilitates cleaning of corporate data on employee's devices and prevent leakage and data loss.
The adoption of an effective solution is not always the only solution to meet the challenges of mobility in the corporate world, as the mobile device management and the acquisition of technology by employees are very recent concepts. Therefore, companies should work more collaboratively, engaging managers, IT staff and users.
You must create awareness campaigns for employees exposing the risks in the use of mobile devices and the impact this incurs for the company if an incident occurs. It is believed among all professionals of security information that the human factor has always been the weak link in the chain and orientation to employees on how to protect themselves from the social engineering type attacks and other precautions are of utmost importance.
The mobility theme is strategic for companies and security professionals should treat it as such, and help to insert it in the corporate environment without the placement of barriers that prevent their adoption. In this context, noting the points mentioned in this text it is possible to visualize that mobile devices can be used without exposure to high security risks and enjoy all the benefits that mobility provides.