White Paper. Data Security. The Top Threat Facing Enterprises Today


Academic year: 2021


Data Security

CONTENTS

• Introduction

• Vulnerabilities of Mobile Devices

• Alarming State of Mobile Insecurity

• Security Best Practices

• What if a Device is Lost or Stolen?

• Further Recommendations

• Mobile Device Management (MDM)

• Mobile Application Management (MAM)

• Dual Persona Approach

• Looking Forward

• About JourneyApps


Data Security: The Top Threat Facing Enterprises Today

Mobile devices are ubiquitous and are enabling enterprises to be more productive and efficient than ever before. But they also pose a great threat to the data security of companies as devices have access to sensitive information such as business plans, intellectual property and personal information. The threat to data security is growing daily, and enterprises have reason to be concerned.

According to a recent IDG Enterprise survey, security is currently the top mobility challenge facing enterprises. A whopping 63% of enterprises surveyed listed security as their biggest current concern.

The top challenges with regard to ensuring and maintaining security of mobile data are:

• Data leak prevention (52%)

• Intrusion detection/prevention (48%)

• Managing access to data (48%)

• Preventing data loss due to lost mobile devices (47%)

With so many threats to mobile security, it is understandable that many companies have been affected by data breaches. In a report commissioned by the security firm Lookout, almost three-quarters (74%) of the major firms surveyed said that they had suffered a mobile breach. Unsurprisingly, the ability to meet security requirements is now a critical factor when evaluating possible mobile vendors.

The Lookout study was based on a survey of 100 IT leaders and IT security executives at companies from a range of industries with an average of 23,000 employees. An important point raised in the results was that companies often don’t discover security vulnerabilities until it is too late. One of the respondents, an IT leader of a mid-level professional services organization, tells of how they only discovered a breach more than a month after it had occurred. It initially appeared as if someone was leaking sensitive data, but eventually malware was discovered on a company-owned mobile device used by one of their executives.

According to the IT leader mentioned above, they are still going through the due diligence process to determine the particulars around how the malware ended up on this device. “However, it definitely opened our eyes to the dangers of allowing users to access data from their mobile devices.”

journeyapps.com


Vulnerabilities of Mobile Devices

According to the Lookout report, the most common issues encountered by companies in the past were:

• Mobile apps that contained security vulnerabilities

• Apps containing malware

• Unsecured Wi-Fi connections

The installation of malware is a common cause of data breaches, and phones are now more likely to be hacked than ever before. If malware is opened, it exposes corporate data via the device. Malware can spread when employees download games, click on untrusted links or connect to free Wi-Fi.

Recent examples of vulnerabilities include the iOS malware XcodeGhost, which made its way into the iOS App Store and steals data and personal information from devices. Another example is Stagefright 2.0, which allowed hackers to take over Android devices remotely. It is estimated that more than 1 billion Android devices were made vulnerable by this flaw.

Device loss and theft is another cause for concern. Employees who use mobile devices can work remotely and this can greatly increase productivity. Some enterprises issue employees with company devices, while others employ a Bring Your Own Device (BYOD) policy. BYOD policies save companies money and can increase employee satisfaction, as employees sometimes prefer to work on their own mobile devices rather than on company-issued devices. It also lowers the strain on IT departments as the responsibility for maintenance and upkeep lies with the employee. And the likelihood of employees working after hours also increases.

But putting devices into the hands of employees increases the risk of loss and theft, which can lead to a breach in security. Whether devices are company-owned or BYOD, they should be treated in the same way, from a security perspective, as desktop computers.


According to Forbes, enterprise IT departments still devote almost three quarters of their security resources to perimeter controls, and this is no longer the right balance. “People, devices, and data are the new perimeter,” according to Naresh Persaud, senior director of Oracle’s security product marketing.

Mobile devices are more vulnerable and enterprises should apply security measures at device level, application level, as well as data level.

Alarming State of Mobile Insecurity

What is very worrying is the fact that nearly 40% of large companies, including many Fortune 500 companies, aren’t taking the right precautions to secure the mobile apps that they build for customers. According to a study by IBM Security and the Ponemon Institute, organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks, and this opens the door for hackers to easily access user, corporate and customer data.

With a growing security threat, it is surprising that so few companies conduct proper testing on the apps that they build. The Ponemon Institute and IBM Security study looked at the security practices in over 400 large organizations and found that the average company tests fewer than half of the mobile apps that it builds. Also, 33% of companies never test apps and 50% of organizations devote no budget towards mobile security. Companies spend more money after data is stolen than they spend to secure data in the first place.

“Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data,” said Caleb Barlow, Vice President of Mobile Management and Security at IBM.

Among organizations surveyed, an average of $34 million was spent annually on mobile app development, but only 5.5% of this budget was allocated to securing apps against cyber-attacks before making them available to users.


In 2014 alone, over 1 billion pieces of personally identifiable information were compromised as a result of cyber-attacks, according to IBM X-Force research.

Given the growing data security threat and the alarming state of mobile insecurity, it is no surprise that companies will be stepping up their investments in mobile security infrastructure over the next year.

Security Best Practices

There are many steps that enterprises can take to secure their data. When choosing a hosting solution, enterprises should choose a provider with world-class security measures and certifications for infrastructure-level security.

All cloud servers should have protections and access controls built in to ensure that no unauthorized access to data can occur. Data should be backed up at least daily, encrypted and stored off-site in a secure data centre.

Enterprises should also think carefully about who will have access to data. Access and security policies for staff performing maintenance on infrastructure should conform with the highest industry security standards. Hosting solutions should make use of audit trails so that any data modifications are recorded and can be retraced.

Furthermore, servers should be equipped with firewalls to restrict network access, and they should be penetration-tested. Operating system upgrades, patches and infrastructure software updates should be applied on a regular basis.

Lastly, all communication between mobile devices and servers should occur over a Transport Layer Security (TLS) encrypted channel, and data should be protected in all of its states: at rest in the cloud, on the device, and in transit.


What if a Device is Lost or Stolen?

One of the weakest links in the security chain is still the user. Luckily there are various ways to secure data if a device is lost or stolen to ensure that unauthorised people don’t get access to sensitive company information.

Enterprises can configure operating system level security settings on mobile devices. This includes requiring a user to authenticate using a PIN code every time the screen is unlocked, as well as wiping the device if a predefined number of incorrect PIN attempts is made. The entire file system can also be encrypted to make sure that unauthorized users don’t get access.

Further Recommendations

Enterprises can also use third party Mobile Application Management (MAM) or Mobile Device Management (MDM) services, or Dual Personas, to further increase security.

MDM is used to ensure that employees do not breach corporate policies and can apply virtual geographic limits for devices. This includes monitoring capabilities that allow enterprises to track and report on information about mobile devices across the enterprise, for both company-owned and BYOD devices. It also allows enterprises to remotely wipe data or locate devices.

MAM enables IT administrators to distribute, update and manage secure applications, as well as configure apps and provision users.

MDM and MAM solutions should install malware protection on the device that scans for viruses and quarantines affected applications and files on devices.

If companies do enforce a BYOD policy, they can use a Dual Persona Approach. This means on one device there can be a work persona for all work-related tools and communications, and a separate one for personal communication. Organizations can secure work-related content and comply with security policies, and also remotely wipe only work-related content. By doing this, the organization respects the employee’s privacy and can even create separate phone numbers for work and personal use.


Looking Forward

Mobile devices are rapidly becoming productivity tools and have access to large amounts of enterprise data, and it could be detrimental to a business if security is compromised. Various threats and vulnerabilities are appearing daily. Hackers often target mobile devices and employees sometimes lose devices or click on malicious links or download malicious software.

Enterprises should combine security measures at the app, device and data levels. They should ensure that data is encrypted and that only authorised users have access. They should also have contingency plans in place for when devices get lost or stolen.

Maintaining appropriate levels of data security will remain one of the biggest challenges for enterprises in the future.


About JourneyApps

At JourneyApps we build mobile apps that are customised to suit your unique business processes. If you have a mobile workforce, we can help you find efficiencies and address specific business challenges. The JourneyApps mobility platform helps you build robust applications on Android, iOS and Chrome. We have years of experience in building mobile apps and understand your needs. Our team of engineers will help you brainstorm around your processes and will provide a simple and easy-to-use solution. And we build fast, so we will assist you in proving success quickly and can iterate and deploy on-the-go. We have deployed solutions in sectors such as financial services, asset management, logistics, field service, healthcare, agriculture and market research. Each month thousands of people use JourneyApps solutions and tens of thousands of documents, such as job cards, delivery notes, and incident reports are processed.

Enterprises can rest assured that their data is safe with JourneyApps. We adhere to the highest security standards built into the JourneyApps Platform, meaning all apps built on the JourneyApps Platform benefit from these world-class security measures by default.

If you are interested in the technical details of how JourneyApps protects your data, read our Technical Data Security White Paper.

You can also talk to one of our mobility experts today about how we can help your mobile workforce become more efficient.


United States: 973 E. San Carlos Ave., San Carlos, California 94070. Phone: +1 (650) 353-3292

South Africa: Unit 109, Block C, Bosman’s Crossing Square, Distillery Road, Stellenbosch, 7599. Phone: +27 (0)21 880 8250

Australia: Level 20, Tower 2, 201 Sussex Street, Sydney 2000. Phone: (+61) 1300 780 319
