Mobile endpoint security: What enterprise infosec pros must know now
A comprehensive collection of articles, videos and more, hand-picked by our editors
The IT department has been accustomed to providing security for the devices and tools that it selected, owned, deployed and controlled.
Protecting enterprise data is the number one priority, but the legacy approach to information security needs to be updated.
There are the four main areas to address around BYOD and personal clouds in the workplace:
- Policy: A security policy, whether mobile or other, communicates the effects of architectural decisions to the user; highlighting his or her rights and obligations. The policy serves the purpose of illustrating correct and acceptable use, and deterring misuse;
- Control: Tools such as mobile device management (MDM) software enable corporate control over vital components of the device, translating the mobile policy into technical actions;
- Containment: Containers, dual persona and application wrappers all provide application-level protection for sets of, or individual, applications;
- Enterprise tools: Enterprises cannot stop consumerisation. However, they can compete with it by offering their workforce attractive and user-friendly tools (mobile applications) to deter the use of consumer applications for professional activities.
Let us look at an example: a mobile policy forbids users from storing corporate data on their personal cloud, while an MDM agent ensures this policy is followed via technical measures on the user's mobile device.
A container on the device integrates with the enterprise infrastructure and stores all the documents that are downloaded from attachments or the knowledge management system in an encrypted state.
Read more on BYOD and MDM from the Security Think Tank
- Governance should determine strategy for BYOD
- Embrace BYOD, but be wary of the risks
- MDM is no BYOD silver bullet
- BYOD – key tenets and best practices
- BYOD means the map is no longer the territory
- BYOD – a challenge and an opportunity
- MDM just one way to lower the risk of BYOD
- Management is key to secure BYOD
- Cloud, BYOD and security – lock your doors
Finally, a secure enterprise cloud offers a superior user experience, allowing co-workers to store and exchange large files, and deters users from using public alternatives with unencrypted enterprise data.
Correctly balancing the four main ingredients of policy, control, containment, and management tools is paramount in this exercise.
To do so, one must consider the enterprise culture as well as existing tools and processes. No two enterprises are the same, so each one will reach a slightly different equilibrium.
With mobile devices and MDM, changes are happening very quickly compared to other technology markets. As a consequence, a tactical approach is needed to effectively implement mobile policy, control, containment, and management tools.
MDM suites are becoming aggregators of policy enforcement, containment and enterprise mobile application solutions.
On the device side, new models offer built-in enterprise security capabilities that can be leveraged by MDM tools — not only in terms of device management but also in terms of containment.
Gartner recommends acting tactically to protect data with current tools and on contemporary devices, with the objective of repeating the exercise periodically to accommodate change.
Dionisio Zumerle is a principal research analyst at Gartner