The Enterprise Mobility Network, a resource for professionals working with or around mobile technologies, has launched a report looking at the interaction of mobile technologies and information security risk. The report, compiled by security and mobility expert Andrew Moloney, was launched at the inaugural Enterprise Mobility Network webinar, held today in association with IDC.
Building on interviews with Tsion Gonen, Chief Strategy Officer of SafeNet; Trefor Davies, CIO of Timico; Rashmi Knowles, Chief Security Architect, Alun Dowling, Head of IT, RCT Homes Ltd; Dave Mahdi, Global Product Marketing Manager, Entrust and Jeffrey Peel, MD, Quadriga, the report explores and explodes the myth that mobility represents an increased security risk. Indeed, based on the in- depth interviews, the report concludes that a comprehensive mobility strategy could actually improve the security profile of a business.
From a strategic perspective, the report details the categories of risk associated with going mobile and five steps that can improve the security profile of a business deploying mobile technologies. Much of this initial activity requires little or no immediate investment. For example, for the 8 out of 10 businesses without a basic mobile device policy, the lowest hanging fruit is a simple do's and don'ts checklist. The report also identifies six key tactics to turn mobility into a key platform of increased security:
- End-to-end encryption
- Geo-location via GPS or triangulation
- Biometric identification as part of shared devices
- The use of one-time passcodes (OTP) for authentication
- Out of band (OOB) - the use, segmentation and securing of individual voice / text / data channels if compromise occurs on any single channel
- Secure element - a chip inside the phone as a secure, encrypted RFID source of credentials
In addition the report carries two case studies. The first looks at the use of a mobility strategy to increase security and improve productivity at RCT Homes in Wales, whose deployment of Motorola ES400 devices is a critical component of its maintenance operation. The second investigates how a major high street retailer is managing a mix of dedicated and BYOD devices in its stores and the different applications it is finding for mobile technologies.
"It is incredible to think that despite the prevalence of mobile devices, as many as 8 out of 10 businesses still lack a written policy on mobile device use," said Andrew Moloney, CEO of security specialists Artisan Southwest and author of the report. "As a result, the lowest hanging fruit is also the cheapest and does not require any additional investment, just the time to compile and distribute a written policy outlining a few simple steps. This alone can help improve the security of mobile technologies in any business."
Sharon Clancy, editor in chief of the Enterprise Mobility Network added: "It is clear that the walls of Jericho that once surrounded corporate information and the infrastructure over which it flowed, have long since come down. Be it an iPad as part of a BYOD policy, ruggedized hardware in a delivery van, SMS details of a job sent to a mobile phone or even good old fashioned print-outs of customer details, businesses must now have an awareness that security needs to be pervasive without being invasive. And that means a security policy that accounts for mobile."