April 13, 2015 By Tom Mulvehill 3 min read

Does Anyone Doubt Mobile Security Should Be a Strategic Initiative?

According to eMarketer, the global smartphone audience surpassed the 1 billion mark in 2012 and was projected to total 1.75 billion in 2014. Meanwhile, Gartner projects more than 268 billion mobile app downloads will have taken place by 2017. As the pace and adoption of mobile computing grow, so do the security risks and threats. Cybercriminals are practical actors; they follow the money and the path of least resistance. The mobile platform is proving to be a choice target for malware, where double-digit or even triple-digit growth has been reported. This malware seeks to steal sensitive user and enterprise information. So what should enterprises do?

Start by Securing the Device and the Data on the Device, but Don’t Stop There

A key concern for enterprises is data leakage. Are your employees using their mobile devices as a conduit to share and exchange enterprise data? The best and easiest way to address this concern is to manage employee devices via bring-your-own-device policies. However, there is always a trade-off between security and utility. You need to ensure your mobile device management solution provides flexibility in terms of policy definition and enforcement. For example, could a stronger device password be required? Do you have a secure way to share enterprise content and safely collaborate with fellow employees? Could you selectively wipe enterprise data from a compromised or at-risk device but ensure personal information is not removed? As enterprises gain control and confidence over securing devices and data, attention must be paid to the mobile applications on the device.

Your Mobile Applications Live in a Hostile World

Enterprises have little to no control regarding the installation of their mobile applications. Chief information officers and chief information security officers agree that their mobile applications are installed on at-risk devices. The risk may be introduced by mobile malware, or the device itself may have been rooted or jailbroken. Rooting or jailbreaking a device renders mobile security and mobile operating system security ineffective. Therefore, it is incumbent upon each organization to ensure all sensitive mobile application data is encrypted. However, once you build a secure application, you must keep it secure. Since mobile applications are in the wild, they can be easily reverse engineered. Organizations that have sensitive intellectual property or want to prevent having their mobile apps repackaged with malware should harden the app prior to its release.


Mobile Authentication and Access Policies Must Adapt Based on Security Risk

Mobile users have zero tolerance when it comes to consumability. There is an expectation that mobile applications will be easy to use. When secure access management requirements collide with ease-of-use concerns, there must be a flexible and adaptable approach to secure authentication. Organizations cannot apply the same stringent access control policies for every application, yet they need to detect and prevent fraudulent transactions. What is needed is an adaptive approach that considers context. For example, is a user attempting a bank transaction from an unrecognized device in a historically different location? In this scenario, a one-time password might be sent to the user to enforce stronger authentication. The authentication requirements must adapt based on context.
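
The context check described above can be sketched as follows. This is an added example, not code from the original article or from any IBM product; the user profile, the 500 km threshold, the scoring rule and all names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class RequestContext:
    user: str
    device_id: str
    location: tuple  # (latitude, longitude) in degrees
    action: str      # e.g. "view_balance" or "transfer"

# Constructed sample history: devices and locations previously seen per user.
PROFILES = {
    "alice": {"devices": {"dev-a1"},
              "locations": [(40.71, -74.01), (40.73, -73.99)]},  # New York
}
SENSITIVE_ACTIONS = {"transfer"}  # assumption: actions that carry fraud risk
FAR_KM = 500.0                    # assumption: "historically different" cutoff

def km_between(a, b):
    """Great-circle distance in kilometres (haversine formula)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_signals(ctx, profiles=PROFILES):
    """List the contextual anomalies present in this request."""
    # A user with no history is treated as fully unknown (fail closed).
    profile = profiles.get(ctx.user, {"devices": set(), "locations": []})
    signals = []
    if ctx.device_id not in profile["devices"]:
        signals.append("unrecognized_device")
    history = profile["locations"]
    if not history or min(km_between(ctx.location, p) for p in history) > FAR_KM:
        signals.append("unusual_location")
    return signals

def decide(ctx, profiles=PROFILES):
    """Return 'allow' for normal login, or 'otp' to require a one-time password."""
    score = len(risk_signals(ctx, profiles))
    if ctx.action in SENSITIVE_ACTIONS:
        score += 1  # sensitive actions tolerate fewer anomalies
    return "otp" if score >= 2 else "allow"
```

Under this rule a transfer from a known device in a familiar location proceeds without friction, while the same transfer from an unrecognized device in a distant location triggers the one-time password.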

The IBM Mobile Security Framework

IBM has developed its Mobile Security Framework to provide a holistic approach to mobile security.

Mobile security risk is prevalent on the device when it comes to protecting content and data, safeguarding applications, managing secure access and detecting fraudulent transactions. Organizations require a holistic and integrated approach to managing mobile security risk. A collection of point products does not provide an end-to-end solution. A holistic approach to mobile security should address all the risks and the unique interdependencies between them.

https://youtu.be/u-AOq3k6Nfo
