As mobile devices enter the workplace, there is no denying their potential for improving and streamlining work processes. Companies are utilising enterprise apps that are unique to their businesses, and employees are taking full advantage of the benefits that accompany being a part of a mobile workforce.
With the conveniences of mobility comes the mounting concern of mobile security threats. The more employees and contractors use mobile devices to access organisational systems, applications and data, the more important it is to protect access to such data.
Most office employees are attached to their mobile device either for work or for personal use from the time they wake up. “Workers begin their day by grabbing their smartphone, checking for company emails, daily tasks and collaborating with team members via web conference,” says Shane Fernandes, ECEMEA, Business Intelligence Sales Lead, Oracle.
When creating new apps for businesses, there are a few best practices that developers need to keep in mind regarding security. “Remote server security is essential,” says Mohamed Djenane, Security Specialist, ESET Middle East. “This is a fundamental part of the application security,” he explains, “if the server is compromised then it doesn’t matter how secure the app itself is.” Hisham Surakhi, General Manager, Gemalto Middle East, agrees that security should be at the forefront of every enterprise app developer’s mind, but that the primary purpose for enterprise apps should not be lost. “While enterprise mobility solutions enhance workflow,” he says, “they necessitate tighter IT security infrastructure – contemporary enterprise app developers need to keep two factors in mind when designing business apps: first, convenience, and second, security.”
As security attack surfaces increase and would-be criminals become more organised, there are a number of things that developers and those creating security protocols need to keep in mind. Particularly when using devices for business, companies need to deploy anti-virus applications to ensure that devices are protected, keep operating systems upgraded and restrict the use of public Wi-Fi hotspots. “Best practices include carefully selecting remote device connections to ensure secure information transfer,” says Mathivanan V, Director, Product Management, ManageEngine, “as well as creating strong password authentication protocols.”
Increasingly, employees are demanding BYOD policies in their places of business. The benefits of a BYOD policy are clear for employees – they are able to work from any location on devices with which they are already comfortable. From a business perspective, a BYOD policy can also be a boon in that companies will have to invest less in hardware and devices for their employees. Though it can turn out to be a win-win situation, businesses looking to adopt BYOD policies need to move forward with caution to maintain security standards.
Businesses need to determine what kind of data can be accessed on a personal device and how this data will be accessed. Because BYOD, by its nature, deals with a variety of devices, it is difficult to have a “one size fits all” solution. “With hundreds of device models in different form factors and with different operating system versions, there are hundreds of individual configuration options available to the enterprise,” explains Simon Poulton, Application Delivery and Mobility Business Lead – EMEA Emerging Markets, CA Technologies. “A very common problem observed is that enterprises end up drowning in the complexity of trying to find reasons to enforce each of these hundreds of configuration options,” he says.
To address these variances, experts recommend a top-down method to develop security policies based on risk assessments, utilising smart containerisation methods and leveraging automation technology to manage compliance at an enterprise scale.
Prashant Verma, Senior Practice Manager for Infrastructure Security, Paladion Networks, contends that a BYOD policy is an opportunity for enterprises – provided best practices are followed. “There should be an AppStore owned by employers for providing work related apps to employees,” he says “as well, there needs to be enforcement of unified security policies across the organisation and secure file sharing.”
Saeed Agha, General Manager, Middle East, Palo Alto Networks, recommends two main points to successfully manage BYOD security challenges. “It is clear that the network is the right place for IT to enforce control between applications and users,” he says. “We also recommend the next-generation firewall which takes a fundamentally different approach toward traffic classification and policy enforcements. Using App-ID, User-ID and Content-ID as its core technologies, the next-generation firewall provides visibility and control in a manner not found in any combination of existing traditional network security product.”
Moving beyond the constraints of the office space, end-users still need to remain vigilant when it comes to mobile security. Too often consumers are delighted to purchase the latest and greatest in mobile technology, but fall short when it comes to protecting their new purchase. “At an individual level,” says Muhammed Mayet, Practice Manager, End User Computing, Dimension Data, “users should at the minimum secure their devices with a pin or passcode and utilise the built-in ‘Find My Device’ service for their device.” A device locating service is essential for personal mobile security. This service, explains Mayet, will enable an individual to remotely locate, lock and erase their device should it be lost or stolen.
Dan Panesar, Regional Sales Director, Europe and Global Growth Markets, UC and Network Security, Avaya, takes the basic individual security minimum of a secured PIN a step further. “A first step is to implement a passcode or PIN to gain access to the device,” he says, “and this must be stored separately from the device.” In short, having a smart device on your person, with access to the PIN code accessible nearby all but nullifies any security that it might provide.
Many individual security issues, however, can be addressed through behavioural changes. “Individuals must make sure they think before installing any application,” warns Axelle Apvrille, Senior Mobile Malware Analyst Researcher, Fortinet, “Users need to ask themselves if the application is necessary and if the developer’s name looks legitimate,” she says. User reviews can also be very helpful in determining whether or not an app is safe.
Hussain Salem, SWG Websphere Sales Manager, IBM Middle East, puts the need for individuals to be aware of potential security threats succinctly. “Whether inside or outside the workplace, the fact is that large enterprises are collecting a huge amount of personal data that is being created by individuals via apps and social media. Without a good knowledge of security and privacy, individuals are exposed to increased risk of data theft and harmful hackers.”