Addressing Enterprise Mobile Security

May 24
09:48

2013

Jennifer Lewis

Jennifer Lewis

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

Enterprises are not trusting by nature. They tend to be suspicious of any and every activity that is out of the ordinary. This is because they have a lot to protect, and it’s not all about them, it’s about you too. Corporate data is sensitive and needs to be kept safe.

mediaimage
Enterprises are not trusting by nature. They tend to be suspicious of any and every activity that is out of the ordinary. This is because they have a lot to protect,Addressing Enterprise Mobile Security Articles and it’s not all about them, it’s about you too. Corporate data is sensitive and needs to be kept safe. It contains business information, client details, pricing info, and employee personnel records among other important data. That is why, every time the topic of mobility comes up, the first question asked is – “what about security?”

Securing the enterprise mobility landscape is crucial. There are risks of intrusion through corporate applications by malicious aps, or an individual with unauthorized access, or the transmission of data from the backend system to the end device getting compromised. Security has many components. Some of them are internal to the enterprise, some of them at the perimeter, and some residing on the user device. However, the key ones are discussed below:

1. Encryption – This method is aimed at protecting and safeguarding the flow of data from the device to the internal systems and vice versa. This data is often confidential, and may include personally identifiable information, business secrets, customer details, credit card data, user ID passwords, account information etc. To ensure that the data gets securely transmitted, and that there is no possibility of someone snooping in. Therefore, we encrypt.

The encryption works at two places - one within the datacenter, and the other on the device. The device contain an encryption system that can encrypt the data on the device, and when transmitted over the airwaves. The message is decrypt at the destination.

2. Centralized access and control – with the help of the latest solutions in the MDM space, the IT administrators can track, control and log into the devices in the field. This allows them to administer the device in a way that the enterprise is kept safe. Some of the activities performed by the central mobility management team are – device registration, software installation, tracking and management, application installation / upgrade / removal, device lock, unlock, device wipe (in case of the loss of theft), live user support etc. most of these services are delivered remotely from a central location.

This does have some issues about privacy and personal data access on the device from the remote location. To control that argument, you need to limit the IT staff that has access to the tool interface’s advance functions like remote device access and data wipe.

3. Access control – The biggest risk to enterprise system and data security is an unauthorized user getting access to the device, and misusing the same for aces into the internal systems and data of the enterprise. This is more likely than we think. It is like losing the keys to your house, and the stranger finding them going ahead and robbing your place. The only difference is that in the mobility scenario, the stranger does not need to drive to your house. He can rob it while eating his lunch.

Our smartphones are on our person most of the time. Owing to their small form factor, they are easy to lose, or have stolen. Therefore strong access control features are needed to protect the enterprise. The challenge is that the user is more likely to secure his device to protect it from his / her children rather than keep enterprise security in mind. Therefore, you need stronger authentication like a password instead of a pin, or even better, a biometric code like a facial can or voice print.