Developing an Effective Mobile Security Strategy
When developing policies for mobile devices, IT Leaders must be cognizant of security threats such as data leakage, spyware, and cryptojacking attacks. Enterprise Mobility Exchange spoke with Brian Egenrieder, CRO of SyncDog to explore this topic in more detail.
Enterprise Mobility Exchange: What are the biggest IT challenges when it comes to mobile security?
Brian Egenrieder: One of the biggest challenges companies often face regarding mobile security is promoting productivity while also maintaining strong security. As mobile devices have crept into the workplace and companies have leveraged them to allow more work to be done outside of the office, the security policies that go with them often inhibit the amount and quality of work able to be done. Creating an environment where employees are able to work freely outside of the office network while maintaining the necessary security protocols to defend against threats can be difficult, but it’s certainly not impossible. Creating a containerized workspace is one way to bridge the gap though, giving employees the ability to do their work with the data they need, while also giving security and IT teams peace of mind and ultimate control over the company’s data.
EME: Why are the days of having two devices (one for work, one for personal life) possibly nearing an end?
BE: Overly-restricted mobile security policies have forced many employees into a situation where they need to carry two phones – one for work, one for personal use. While the days of carrying two devices may not be completely over just yet, mobile security solutions have become more agile as companies have begun to adopt newer policies like CYOD and BYOD. Having the flexibility and necessary security measures in place to deploy any kind of device, regardless of the operating system, ultimately gives the company an advantage in the market when dealing with different device ecosystems. Another contributing factor is the upside seen by businesses in not having to invest in company devices and expensive data plans. Rather than buying the devices, they can offer reimbursement plans (if even necessary) to help employees pay for their device plans as they use them for both work and personal means.
See Related: 5 Biggest Mobile Security Threats in 2019
EME: When it comes to enterprise mobile security, what role does device ownership play?
BE: Even though it shouldn’t, within the enterprise, device ownership still often dictates the company's approach to a security solution and what kind of overhead cost they are willing to take on. Traditional EMM/MDM policies will use company devices so they are able to maintain total control over the device, but newer technologies like mobile workspace containerization allow the company to do the same thing regardless of the owner and regardless of the operating system.
EME: What are the biggest security concerns with mobile applications?
BE: Mobile applications can present a myriad of security concerns, from intercepting information to installing malware and spyware on a device. In the case of enterprise mobile security, the main concern would be company data being at risk. While BYOD policies might heighten that concern, rest assured that there are solutions out there that account for this type of problem and have safeguards against it well above the capabilities of what most companies are doing today. While they might not be able to control the device, with a containerized solution, companies can control any company information and secure it from any and all outside influences on the device.
EME: How should enterprises consider the end-user when developing mobile security strategies?
BE: At SyncDog we believe in fully enabling the workforce - securely, giving employees the best tools possible to get the job done, with the data they need, on the device they choose while at the same time, using US DOD level security and encryption to ensure the data and devices are fully protected at all times. With SyncDog’s solutions, a company can and should consider the daily lives of its employees when implementing its mobile security strategies to ensure easy and full adoption. Conversely, the traditional approaches most commonly in use today make data security/cybersecurity as the top and only priority approach. This often results in highly restrictive usage and security policies that provoke mobile employees to find workarounds to get the data they need on the device they have on hand – ultimately presenting the risk of exposing sensitive company data.
See Related: Mobile Device Security Best Practices
EME: How are different compliances and regulations impacting enterprise mobility in 2019?
BE: The majority of companies in the United States and Europe are required to comply with at least one IT security regulation – oftentimes more. This forces companies to exert strong control over how data is transferred, accessed and maintained throughout its lifecycle. As these regulations evolve, the traditional application of MDM policies can no longer provide the security that organizations require due to the fact that MDM and EMM solutions focus on the device itself, rather than the data. New generations of employees have come to expect a dynamic mobility solution that enables them to use a single device for all aspects of their lives. Force fitting their user experience to adhere to limitations of mobile security solutions, while at the same time applying archaic IT & HR policies to further restrict and even threaten usage patterns, no longer scales to meet today’s mobility expectations. More importantly, these outdated approaches and technology are usually directly at odds with regulatory and compliance mandates such as GDPR, NIST SP 800-171 and numerous others. So when it comes down to it, a containerized workspace is really the only viable option.