How to combat threats of implementing Enterprise Mobility?Apr 28, 2016
Mobile has become a good support of productivity. Currently, employers have adopted this technology to complete the business tasks. Enterprise mobility has brought a change in employees working habit to work from anywhere, therefore, employers are leveraging the facility to give freedom to them to work beyond any constraint, to expand the productivity, receptive customer interaction and more efficiency in work.
Emergence of enterprise mobility
With the latest shift in work habits and companies providing the freedom to employees to work from anywhere, most of the companies are relying on Mobility to improve their employee’s productivity. A drastic increase of devices managed in the enterprise is observed 72% from 2014 to 2015, and it is increasing year-on-year.
Let us look at the Definition of Enterprise Mobility as per WhatIs.com: “Enterprise mobility is the trend towards a shift in work habits, with more employees working out of the office and using mobile devices and cloud services to perform business tasks.”
Since the advent of BYOD (Bring Your Own Device) trend in the workplace, more and more companies are making corporate data available on Mobile Devices. This helps an employee to transfer data from a PC to a cloud storage service to access that data from a personal Tablet or Mobile at the client site.
Incredible mobility trends and facts
Below are some latest Mobility trends which highlight the evolving nature of work and emphasize the need for organizations to both empower and manage employee mobility in order to meet security, agility and productivity demands as mentioned in Citrix Mobile Analytics Report:
- 61% of workers report working outside the office at least part of the time
- 3+ devices are used daily by an employee for work activities
- iOS dominates the enterprise market and is the leading mobile platform in nearly every industry vertical
- Device diversity is greatest in EMEA, where mobile devices used to work are typically corporate issued
- 90% of organizations deploy passcode enforcement, the most common device level policy
- Top blacklisted apps include Dropbox and Mail while top whitelisted apps include PDF and Notes
Nowadays, demand of mobile device usage is countless at different workplaces. For example, salespeople take tablets instead of laptops when they travel, doctors use a handheld device to check Electronic Medical Records and Clinical Applications right from the patient’s bedside. Similarly, in the retail sector, the sales person can conduct on-spot inventory check for customers and also collect payments without returning to the counter. Through the above examples, we could realize how Enterprise Mobility is enabling more efficient, effective, collaborative and flexible work styles.
Seeing the recent trends on how mobile devices are being used at the workplace, these devices are quickly becoming the new desktop. There has been an explosion of mobile devices being used for work, whether authorized or not, the organization has to enable and protect users no matter what type of device they choose to work with – a PC, notebook, tablet, or smartphone. Many employees utilize mobile devices to access organizational systems and critical business applications, both on and off the corporate network. These protected systems contain sensitive data that if exposed could result in data security breaches and revenue loss for an organization.
An unsecured mobile device can easily compromise the corporate network, jeopardizing the productivity benefits gained from enabling mobile access in the first place.
So what are the major mobile security concerns?
1. Device Loss
There has been many high profile data breaches wherein an employee carelessly forgets his tablet or smartphone in a cab or at a restaurant that puts the sensitive data, such as corporate intellectual property or customer information at risk.
2. Application Security
Simple mobile apps that request too many privileges and often granted gains access of all device data. This has been responsible for leaked corporate contacts, calendar items and even the location of certain executives has put the company at a competitive disadvantage. Trojan affected applications also appear to function normally, but secretly upload sensitive data to a remote server.
3. Device Data Leakage
Most corporate access privileges on mobile devices remain limited to calendar items and email, new mobile business applications can tap into a variety of sources if the enterprise accepts the risks. Too much corporate information on a mobile device draws the attention of cyber criminals who can target both the device and the back-end systems they tap into with mobile malware.
4. Malware Attacks
Majority of Mobile Malware comes in the form of SMS Trojans designed to charge device owners’ premium text messages. Experts say Android devices face the biggest threat, but other platforms can attract financially motivated cybercriminals if they adopt NFC (Near Field Communications) and other mobile payment technologies.
5. Device Theft
Smartphone theft is a very common problem smartphone owners such as iPhone or high-end android device faces. The danger of corporate data, such as account credentials and access to email, falling into the hands of a tech-savvy thief, makes the issue a major threat.
Key concerns for mobile strategies
Following are three big questions on which business leaders should focus on to round out their Mobile strategies, and those are:
- What type of data will make employees more productive by having mobile access to it?
- What are the security implications of that access?
- And what model makes more sense for providing that access?
A company should adopt a holistic strategy that covers corporate approved App access, namely, Enterprise Content Management and Enterprise Mobile Management that meet their security needs.
Key strategies to secure enterprise mobility
Today, more and more businesses rely on Enterprise Mobility with requirements to safeguard their business data, provide secure mobile access to business documents and keep mobile devices safe from threats. Mobile technology has made the network security challenge much bigger and more diverse. Use of mobile devices and apps has introduced a wide range of new attack vectors and new data security challenges for IT.
Below are some of the ways through which these threats can be secured.
1. Installing anti-malware software
New Malware is constantly made to attack iOS and android operating systems. Any employee who uses a mobile device to access internet should prior install or update antimalware software on his or her smartphone or tablet.
2. Keeping an eye out for bad apps
To streamline business processes and enhance employee productivity, the enterprise should provide the workforce with relevant mobile apps. Also, a policy has to be put in place to determine which apps can be download or access via. the corporate network.
3. Remote locking and erasing feature
All the Enterprise Mobility devices should have an app that allows an employee to remotely lock and erase the entire data on the device in case of a theft or loss.
4. Strong passwords
All the mobility devices should be secured with a complex password and changed on frequent intervals. Employees should be educated about security threats and the damage they can cause from a weak password strength. Many modern mobile devices include local security options such as built-in biometrics, such as fingerprint scanners, facial recognition, and voiceprint recognition and so forth to render better security.
Ask employees to get the habit of updating apps as soon as they are prompted. Software updates can include fixes to new vulnerabilities and exploited security gaps.
6. Protection and encryption of data
Encrypt sensitive information with strong keys as soon as it is acquired. Data at rest in storage, servers, and devices, as well as data on the wire (and over the air) should remain encrypted as they are used, stored or moved and eventually decrypted only by the intended receiver.
7. Data backup
To ensure data restoration after a device is damaged, wiped or lost, take advantage of data backup capabilities supported by each mobile OS. Native backup capabilities typically include writing backup files to a laptop or desktop and routinely backing up data to cloud storage (e.g., Apple iCloud, Google Drive). Mobile Application developers should take advantage of back up capabilities, but should be aware of the risk of doing so.
8. Performing regular audits
At least once a year, companies and organizations should hire a reputable security testing firm to audit their mobile security and conduct penetration testing on the mobile devices they use. Such firms can also help with remediation and mitigation of any issues they discover, as will sometimes be the case. This way companies can better protect themselves from the latest threats.
Mobile devices today are powerful computing devices and a gateway to countless productivity tools, entertainment resources, and social networking channels. No wonder, mobile devices and apps adoption have swept enterprises rapidly, even greater than many enterprises realize.
As Uncle Ben said to Peter Parker before he became Spiderman, "With great power comes great responsibility." The same is true with Enterprise Mobility. When implemented properly, it can bestow great benefits to an organization; but to enjoy those benefits it requires attention to a broad set of security measures.
This blog is written by Mobile App Development team at TatvaSoft. With our years of experience, expertise and processes, we have helped leading organizations worldwide to implement their Enterprise Mobility objectives.
TatvaSoft is a CMMi Level 3 and Microsoft Gold Certified Software Development Company offering custom software development services on diverse technology platforms, like Microsoft, SharePoint, Biztalk, Java, PHP, Open Source, BI, Big Data and Mobile.