July 27, 2015 By Michael Ambrose 2 min read

When we think of mobile security, the first thought that pops into our heads is securing the device and the content on the device. While this approach has worked well for many companies in the mobile security space, it covers only 20 percent of the threat. To understand why we need to look beyond just securing the device, we must understand how a mobile device gets compromised.

This short video depicts a scenario in which a device can be hacked:

Why Should Enterprises Care About Mobile Security?

To answer the question of why enterprises should care about mobile security, we have to look at some of the recent trends with regards to adoption of bring-your-own-device (BYOD) policies across large enterprises. Managing mobile devices that run on different operating systems and platforms, while at the same time ensuring intellectual property and information is kept secure, becomes the top priority for a chief information security officer (CISO).

If we were to provide mobile security at an enterprise-wide level, we would need to look beyond just securing the devices and the content. Gone are the days when employees would be happy with access to only email on their devices. Today, sales and marketing professionals must be agile in the field and have access to various enterprise applications on the go.

What Matters to CISOs?

What aspects would a CISO need to consider when planning to implement a comprehensive enterprise mobile security strategy?

An effective mobile security solution will offer a holistic approach to securing the four imperatives of enterprise mobility: the device; the enterprise content and data stored on it; the mobile applications used for employee productivity; and the access and fraud concerns inherent with the devices. Underlying this is an additional layer of protection and visibility through security intelligence. Only by addressing all four imperatives can a company truly deploy a comprehensive mobile strategy and protect the assets and reputation of the enterprise.

Take a look at this video, which explains the mobile security framework and its importance:

Deeper Into the Framework

Now that we have an overview of the framework, let’s take a closer look at the four imperatives: protect devices; secure content and collaboration; safeguard applications and data; and manage access and fraud. We will also examine the underlying security intelligence layer in a little more detail, as well.

Here’s what security leaders should be focusing on as they construct their mobile security framework and ensure the imperatives are addressed:

  • Protect Devices: Securing phones, tablets, laptops and other machines includes the management of multi-OS mobile devices while mitigating risks that arise from lost or compromised devices.
  • Secure Content and Collaboration: Protecting information ensures that enterprise and personal data are separated while enforcing compliance with security policies.
  • Safeguard Applications and Data: Applications can now be developed with security by design so enterprise applications may be distributed and controlled without any threats.
  • Manage Access and Fraud: Identity management and antifraud efforts identify users and protect mobile sessions with customers, business partners and temporary workers that are not part of the enterprise mobile ecosystem.
  • Extend Security Intelligence: Leveraging security intelligence gives enterprises the ability to expand security information and event management (SIEM) to the mobile platform, thereby mitigating vulnerability.

Learn more about Securing the mobile enterprise

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today