Adding levels of cybersecurity to a mobile computing environment using traditional methods can often be a matter of making trade-offs between taking the necessary security steps to defend against a shifting threat landscape and accepting the drag on productivity that results from those steps. But implementing a smart security strategy can actually boost productivity while protecting devices and data.
Businesses and other organizations are aware of the realities. The smartphones and other devices that have become constant — and, in some cases, primary — tools of employees have expanded networks’ attack surfaces. Downloaded apps can contain malware that can cause data leakage and can frequently have weak or broken cryptography. Wireless hotspots can be spoofed, and free Wi-Fi networks often are unsecured, opening them to attacks such as drive-by downloads. Devices themselves can be compromised with tools such as spyware. And the use of personal mobile devices also can exponentially increase attackers’ opportunities for phishing and credential theft.
According to Pew Research Center, 96% of Americans own a cellphone of some kind, with 81% of them owning a smartphone. An exhaustive survey by Dell on technology in the workplace, released this year, shows that employees prefer using smartphones, including their personal devices, on the job. Another 41% of respondents said they sometimes work outside their organization’s security protocols in order to get their work done. An earlier survey by the company had noted that among the most tech-savvy users, 61% of Gen Y employees and half of those 30 and older say the apps and other tools they use with their personal devices are superior to those designed for work use.
Considering that the number of mobile subscribers worldwide is at 5.1 billion and growing every second, according to GSMA Intelligence, it’s not surprising that the rate of mobile attacks is accelerating. Over the last year alone, attacks against mobile devices have increased by 50% according to Check Point’s 2019 MidYear Report. Attackers are increasingly designing malware specifically for mobile platforms, for obvious reasons. Mobile devices can contain significant amounts of sensitive information and provide access to all of a network’s resources. And while employees use mobile devices more and more for work, they often don’t take security for smartphones as seriously as they do for laptops and office computers. Studies have shown that BYOD does boost productivity among workers, but that productivity can come at a security cost.
Organizations address these threats with an array of security measures, such as instituting compliance rules and establishing encryption requirements. Some may require that employees use a separate phone for access to work. But such rules can prove to be overly restrictive and difficult to manage, slowing down operations and putting a straitjacket on productivity — the very thing mobile computing is intended to enhance.
A smart security strategy that provides a separate workspace on a device where employees can seamlessly and securely connect with their network can turn that around. It’s designed to address the realities of a BYOD work environment in which the use of mobile devices, including employees’ personal devices, is how business gets done. In addition to enabling productivity, it also can alleviate privacy concerns employees may have with overly restrictive policies. After all, access works both ways, and a personal device accessing a network exposes some of its data to the network. A remote wipe of sensitive corporate data, for example, could take some personal information with it.
A smart strategy starts by focusing on separating the data from the device — securing the data at every step in the process while allowing organizations to authenticate users with multistep password and authentication policies before accessing any corporate or sensitive data.
Organizations looking to choose the right vendor should consider several important questions.
How does it fit in your overall security strategy?
An organization should first be sure it has an overarching strategy that covers all aspects of data protection, such as encryption, password policies, malware prevention, user authentication and other factors. Many businesses fail to fully think this through, which can lead to serious risks that cannot be mitigated by a mishmash of security products and procedures. Have a comprehensive strategy in place before considering a vendor. A security strategy also can identify areas that might not need containerization.
Will it actually improve security?
Before implementing a product, it is important to understand the methodology through which “security” is achieved. How is encryption implemented for both data at rest and data in transit? How does the product keep data safe in case the device is jailbroken? How are critical updates applied? A high level of security also is important. For example, encryption such as 256-bit AES, which is compliant with the Federal Information Processing Standard (FIPS) 140-2, can allow organizations to keep business and personal data separate and can protect business data even if a device itself is compromised. Businesses need to understand how a product achieves its security and how to evaluate these answers.
Is it easy to manage?
Ease of use is a crucial, if sometimes overlooked, element of any security solution. A product may provide strong security, but if installing, updating and managing it is difficult or time-consuming, it will be costly to run over time, and will frustrate administrators and users. That can have an impact on employee buy-in, which is necessary across an organization for a security solution to be effective. The operational costs also must be factored into the lifetime value of the solution.
Use these three questions to craft a sound security strategy and choose the right vendor for your needs.
