The state of workplace mobility
The continued white-hot proliferation of personal devices has led to businesses adopting cultures where employees can contribute remotely, using whatever device is accessible. For many, this has led to Bring Your Own Device (BYOD) initiatives, where businesses formally embrace the use of personal devices and enable remote access to corporate data and applications. For others, a specific line of business drives the increased usage of personal devices, such as a sales team becoming increasingly mobile or a customer-facing team leveraging tablets to execute transactions.
According IDC’s Worldwide Semiannual Mobility Spending Guide, worldwide spending on mobility solutions is forecast to reach $1.72 trillion in 2021. IDC also found that two of the industries leading this surge – professional services and manufacturing – are largely driven by a “highly mobile, on-the-go workforce.”
While workplace mobility strategies are both gaining traction and clear drivers for productivity, pursuing them means that you’re introducing numerous entry points into your network environment, inherently increasing your attack surface. This article will shed some light on the importance of mobile security and detail how you can enable effective personal device usage with software that hardens your environment from threats.
The shortcomings of existing approaches to mobile security
Even as BYOD and workplace mobility strategies have gained traction, many businesses have neglected to complement these strategies with an effective security implementation. There are a few reasons for this.
First, workplace mobility strategies are relatively new and emerging, which commonly leads to a misunderstanding how to properly secure them. This problem is exacerbated by a confusing marketplace where many security vendors offer solutions they claim to be a “silver bullet” for whatever threats may arise. In reality, a single solution rarely provides complete protection, leaving businesses vulnerable as a result.
Another reason some struggle with mobile security is that budgets force businesses to prioritize their security measures. In these situations, many opt for other, more traditional security measures that fail to secure the network from the end-user device. These organizations must understand there are countless ways for cybercriminals to access corporate data, and they will move to the point of least resistance – even if you spend heavily on firewalls, they will seek out weaker areas to attack. Part of mitigating threats means you need to understand your weaknesses and act to fortify them. According to Dimensional Research’s The Growing Threat of Mobile Device Security Breaches, 20% of companies’ mobile devices have been breached.
This last point particularly applies to businesses that are understaffed or lack security expertise: your mobile security posture is only as strong as the personnel deploying the solutions and managing the environment. According to ESG’s 2018 annual global survey on the state of IT, 51% of respondents believe their organization has a problematic shortage of a cybersecurity skills – a number that has grown each year since 2014. Some of the larger security problems that organizations run into stem from a failure to configure the solutions correctly. Further, if your team is not familiar with managing the solution or you lack the manpower to monitor the environment 24/7, you limit your ability to assess threats and make intelligent decisions to mitigate them.
Keys to a successful mobile security approach
While it is important to understand how bad actors operate and the inadequacy of some current approaches, you shouldn’t be intimidated into avoiding workplace mobility altogether. In an increasingly mobile world, BYOD strategies can massively boost end-user productivity. A proper workplace mobility implementation with the right protection is in the best interests of your workforce.
Below are some keys to a successful mobile security implementation:
Key 1: Take a holistic security approach
The core value of any mobile security approach is the prevention of malicious hackers from accessing sensitive information. In this context, you must remember that personal devices serve as the point of access to your corporate resources, but should other weaknesses exist, they too can be exploited. When implementing mobile security, you must take a holistic approach that accounts for how the solution works with your existing security implementations to protect your environment from top to bottom: from the devices, through the operating system and software stack, to the public or private cloud. By doing so, you will be better equipped to eliminate any gaps in your security posture and ensure for consistent protection.
Tip: Many businesses have implemented solutions from numerous vendors over time across their environment (i.e., a firewall from one vendor, intrusion detection and prevention systems from another vendor, anti-malware from a third, and so on). It is common for these solutions to not work well with one another. Additionally, some teams are not well-versed with operating each of the solutions. This, in turn, can limit visibility and the ability to monitor ongoing threats in your environment. Security vendors are beginning to respond by delivering holistic security platforms. Leveraging a more complete, integrated set of solutions like this can help simplify security management and enable greater control over your environment.
Key 2: Deliver a good user experience
Your end users want to access corporate applications and data in the most user-friendly way possible. At the same time, you have numerous security needs that may limit their experience: making sure only approved devices can gain access to the network; controlling what aspects of your network the device is connected to; verifying who is behind the device, etc. However, if you deliver a poor user experience, you may risk end-users working around your solutions or resisting the technology to a point that it is abandoned by the company altogether. With this in mind, it is in your best interest to find the right balance of stringent security measures and user-friendliness. This can be realized through a wide range of solutions (depending on your organizational needs), including single sign-on identity management tools or desktop and application streaming services that take into account securing sensitive data and ensuring end-user performance.
Tip: It is common for a company’s network team to be in charge of workplace mobility initiatives, while the security team manages its protection. In many cases, these groups aren’t in sync with one another and don’t collaborate to the extent they should. This can result in either limited remote performance or poor security. To ensure both stakeholders fulfill their needs, you should bridge any silos that separate these groups and ensure they have the means to collaborate throughout the project.
Key 3: Leverage an expert
If your team is understaffed or lacks security expertise, you should consider leveraging a security service provider. Service providers can help you navigate the marketplace to find a solution that fits your needs. Once you have chosen a solution, it is easier and more reliable to utilize this provider for implementation and/or managed services (depending on your personnel strengths), rather than increasing staff size or providing ongoing training.
Tip: Mobile security is not one-size-fits-all. Your business has unique needs that are driving the adoption of workplace mobility. When evaluating consultants, find a partner that will work with you to understand these needs and help you select a solution that compliments your business, your existing security approaches, and your personnel strengths.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.