There’s no doubt that strategic use of mobile technology has made organisations more productive. However, in many cases the adoption of new technologies and ways of working has also changed, and in some cases increased, the level of cyber threats businesses face.
IN:SIGHT spoke with Telstra’s Product Portfolio Manager Hugh Stodart about the practical measures business leaders can take to keep their information secure without compromising productivity.
The traditional ‘perimeter’ security model is broken down by demand for increased end-user mobility and greater flexibility in the way applications are managed and used, including cloud adoption.
Stodart says the threat landscape is rapidly broadening and the new ‘mobile business’ needs to address the security implications of these trends.
“The security measures required for protecting your data are conceptually the same,” Stodart says. “Elements such as access control, monitoring use and policy compliance are still relevant, but in many cases new tools are required to give your organisation visibility and control over mobile devices and cloud applications.”
Stodart says Telstra’s 5 Knows of Cyber Security framework is a good starting point for business leaders to address risk.
“Know where your data is and how important that data is not only for you, but for potential malicious parties who may seek to have access to that data,” he says. “It is also critical that you know how well that data is protected and who is protecting it. What kinds of solutions do you use to protect your most valuable data?”
Mobile businesses also face two related challenges: mobile devices being used without prudent security policies in place, and the adoption of ‘shadow IT’, driven by easy access to cloud services, likewise without well-defined or established policies.
To create a more secure work environment, Stodart recommends a number of device policy guidelines, starting with a bring your own device (BYOD) acceptable use policy that also covers employees who leave an organisation but take their mobile device with them.
“Ensure you have end-point protection on all devices within your organisation including mobiles, tablets, laptops, PCs and server infrastructure,” Stodart says. He also recommends adding remote policy device management using technologies such as mobile device management (MDM), mobile application management (MAM), or mobile content management (MCM) to keep business data separate from personal data.
Other tactical measures on Stodart’s security checklist include encryption of corporate data when it is stored on a device and when it is being accessed, and ensuring the use of VPN encryption for connectivity back to the corporate network.
“Regularly update devices with the latest operating systems and patches and never allow ‘jailbroken’ devices, or devices which have had default user access privileges overcome, onto your network,” he says. “Use strong passwords on devices and, where possible, use two-factor authentication for access to sensitive applications or data.”
“Get ahead of the curve by providing access to a broad range of approved Cloud-based apps, giving employees the freedom to select what best meets their needs.”
Hugh Stodart, Security Product Portfolio Manager
Shadow IT requires a measured approach
With so many options for on-demand IT services delivered from the cloud, end users often adopt applications that are not sanctioned by the CIO or other business leaders. This ‘shadow IT’ trend must be managed to avoid security issues.
To control shadow IT, Stodart says organisations need to have a clear position and process for procuring cloud applications in their corporate acceptable use policies.
“Implement tools to provide real-time auditing of the use of unauthorised cloud applications and potential shadow IT data exposures,” he says.
Stodart does not, however, recommend simply blocking popular SaaS applications outright. “Employees are usually simply trying to get their jobs done. Work with employees to understand their requirements and agree on a suitable application fit for purpose that allows you to monitor and block sensitive data leaving the organisation,” he says.
“Get ahead of the curve by providing access to a broad range of approved cloud-based apps that give employees the freedom to select what best meets their needs.”
The mobile business of 2016 faces numerous security challenges. However, with prudent planning and oversight, the benefits in productivity will continue to materialise.
The traditional perimeter security model is being broken down by demand for increased end-user mobility, requiring increased focus on:
- BYOD equipment
- End-point protection
- Shadow IT and non-approved software
- Access to IT facilities, especially software