MOBILITY: GAME CHANGER
Mobility is a game changer in many ways, and in some ways it is another manifestation of the same security problems plaguing enterprises. The client, or last tactical mile as we like to put it, is a common target of malicious attacks. The client is where all of the security controls, decryption, and authorization decisions have run their course: an end customer is viewing data in the clear.
A web browser is the most notoriously unstable and vulnerable client, since it is effectively running remote code locally. Many cross-site scripting attacks have leveraged weak clients (i.e., web browsers) to steal privileged information.
In the enterprise, mobility presents an added layer of security concern: most users prefer to operate on their personal mobile device instead of a separate corporate-issued phone. This adds an unknown to the mix, since IT security professionals won’t necessarily know what a user has running on their device. In addition, IT may not always have the ability and permission to perform important emergency security functions such as remote wiping. Finally, data on mobile devices literally travels and can be lost, stolen, or seized.
Fortunately, both the iOS and Android operating systems provide sophisticated security frameworks that, if understood and followed, can dramatically reduce the risk posed to your data on a mobile device. Furthermore, restrictions can be placed on the device based on its network connection, physical proximity, and other controls that can manage decryption functions and ensure the device is fully within the security perimeter before it is able to present data in the clear.
The Shattuck Group is helping clients understand the implications of incorporating mobility into the security landscape. In some ways, mobility adds many security-enhancing features, such as Google’s authenticator application, which can be used as a multi-factor authentication device without having to purchase key cards for every employee. Sophisticated security models in iOS and Android also enforce many industry best practices such as code signing. Leveraging some of these enhancements allows employees to use their personal device while improving security, saving time and money, and enhancing morale.