Why enterprise security needs to evolve in the age of mobile computing

It is no secret that the world is going mobile at a rapid pace. If industry reports are to be believed, India alone is expected to be home to 700 million Smartphone users by 2022. But what does this growing proliferation of smart mobile devices mean for the business ecosystem?

The rise of BYOD-led work culture: Boon or Bane?

For the most part, mobility has enhanced business operations. Many companies have already adopted a BYOD-led work culture to improve efficiency and achieve higher productivity. Employees are also more favourably disposed to the idea of using their personal devices to remain connected to enterprise networks and resources at all times, enjoying unparalleled convenience and flexibility. The mail you send from or receive on your mobile phone during your daily commute is just one facet of the increasingly on-the-go lifestyles enabled by BYOD adoption.

That being said, such seamless connectivity does come with its fair share of challenges. Security, in particular, is one of the biggest concerns when it comes to BYOD adoption. Most smartphone users do not have robust security applications installed to protect their mobile devices. Jaibroken/rooted mobile devices are also extremely common.

A large percentage of smartphone users are not even aware about the need for adequate mobile security, often downloading unverified apps from third-party app stores and clicking on suspicious offer links. In a recently published report, Quick Heal Security Labs identified over 3.3 million malware, potentially unwanted applications and Adware on Android OS during 2018 – most of which were trojanised fake applications.

What complicates the situation even further is the fact that many of these unsecured devices are connected to enterprise networks – 24 hours a day, 365 days a year. This not only jeopardises the safety and security of device users’ personal data, but also increases the risk to the organisation. Cybercriminals are actively exploiting this lucrative opportunity to compromise business data and networks by gaining access to personal devices connected to the enterprise IT infrastructure.

Social media, enterprise data, and personal devices: Why these three components don’t mix well

The implications of social media access and BYOD on enterprise data security are quite massive. Most users have no compunctions clicking on links shared by their social media contacts.

Such indiscriminate behaviour significantly increases their risk exposure to malware and other forms of cyber-attack, particularly because hackers are known to share malicious links through compromised social media accounts to drastically increase their attack surfaces. Moreover, there is always a risk that employees might publish sensitive business information – whether intentionally or accidentally – on social media platforms.

Allowing employees to move around with business data stored or accessible on their personal mobile phones also makes it difficult for IT managers to maintain control over such devices and the data they transmit and receive. The vulnerabilities that such seamless mobile interconnectivity inherently comes with make it imperative for organisations to implement a comprehensive BYOD and social media policy, as well as the right data protection mechanisms.

How can organisations tackle these challenges?

This is where cloud-based enterprise mobility management (EMM) step into the picture. IT teams can use these security solutions to define individual policies and restrictions for all connected devices across the network.

EMM can manage the security risks inherent to a BYOD workplace in the following ways:

• Mobile Device Management: MDM remains an integral aspect of EMM. Device management is still required because devices can often get lost, corrupted, or stolen. Enterprise IT teams must be able to wipe the data on these devices, reset mobile devices to factory settings, and manage mobile software.
• Mobile Application Management (MAM): EMM supports over-the-air installation, update, and removal of public enterprise applications. It also ensures that these apps run in a secure environment, and are updated when required, i.e., an iOS update is pushed out when it is required.
• Anti-malware: Businesses should look for an EMM solution with anti-malware capabilities. Doing so allows their IT teams to remotely schedule a security scan on enrolled devices to identify potential risks and infections.
• Mobile Content Management (MCM): Business data loss and leakage can be tackled through Mobile Content Management (MCM), which prohibits business users from copy/pasting, screen capturing, or syncing secure files and information stored on their enterprise-connected devices.
• Secure Workspace: By enabling a secure workspace through EMM, IT teams can separate enterprise and personal data on mobile devices for better application and data management. These workspaces can be linked to SharePoint or the enterprise cloud for seamless, secure connectivity.

With governments, policy makers, and regulators becoming increasingly sensitive about data and the need to protect it, there is a growing push towards data rights, security, and privacy. Recent large-scale implementations, such as the EU-GDPR, mark this change in both public and policy sentiment. By enabling state-of-the-art mobile device management for connected devices, EMM solutions allow businesses to keep pace with this changing dynamic, extracting the maximum benefits of the BYOD approach without compromising on the security of their network and critical business data.

-- Mr Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited