Menu
Categories

The Mobile Security Gap

Published November 12, 2014 | By Dan Blum
No one has fully figured out how to throw a security blanket over the enterprise mobile environment, that chaotic patchwork of geographies, carriers, operating systems, applications, device types and ownership models.

Any enterprise tackling web security for mobile devices must contend with three difficult problems: manageability, user experience and containerization. Enterprises that buy a homogeneous fleet of mobile devices for their employees under a strict set of policies are in the best position.

Using a mobile device management (MDM) solution, they can configure the devices (sometimes in a tamper-proof manner) to route web traffic to the security proxies of choice. But user experience can be a severe challenge if the proxies create latency.  Cloud-based proxies in a distributed, global fabric have the best chance of delivering low latency service, but turning this on for mobile devices may be a hard sell to the business and the users alike.

 Enterprises operating under the bring your own device (BYOD) model find themselves in an even more difficult position on security. In many jurisdictions, the only reasonable protection solution for an organization’s data on a worker-owner device is to containerize it into a separate logical or virtual partition so as to avoid having to touch any of the user’s personal data or functionality. But containerization – whether using Good Technology, Samsung Knox, or another solution – adds complexity, still creates latency and may cause more user experience issues.

 Thus, enterprises are caught between a rock and a hard place when it comes to mobile device security from malware on the web. Users are accessing important services from these devices and storing sensitive data – at least email – on them too. Android devices and Windows devices are especially vulnerable. And even users of the relatively robust IOS and Blackberry systems can succumb to phishing lures that security gateways could mitigate – if only the organization could hook them up.

All the usual compliance risks and obligations apply and are worsened by the absence of web security for mobile devices. But who is ready to tackle the manageability, user experience and/or containerization issues? Not many enterprises as yet. I created this little rant because, nestled  as it was inside of another post I was writing, it seemed too long a digression. On the other hand, there’s a lot more to say, and I’ll certainly expand on the mobile security topic. Please drop me a comment in here if you’re seeing any progress in the space, or have something you’d like me to cover.

Posted in Dan Blum | Tagged , ,
Subscribe to Blog Notifications...  HERE
Recent Posts
Search
Categories
Archives
Tags
Active Directory anti-malware APT audit authentication authorization blockchain breach CISO cloud computing cloud security compliance cryptography cyber-insurance cybercrime cybersecurity DLP encryption endpoint security FAIR federated identity governance IAM identity management incident response IoT malware mobile security NIST CSF OAuth PAM personal protection privacy privacy by design privileged access management privileged account management privileged identity management rational cybersecurity risk management RSAC security architecture security governance sharing social login vulnerability management