Your Company Data, Their Personal Device — What Could Go Wrong?
Top 5 Myths about Mobile Security
By Barbara Hudson, Senior Product Marketing Manager
Employee use of smartphones and tablets to access corporate information and services is exploding. And that means IT organizations need to get beyond widely-held myths about
A Sophos Whitepaper July 2013
Pervasive mobility is now a fact of life in organizations of every industry, size and geography. More and more employees are using smartphones and tablets as highly-functional mobile computers. Most organizations have accepted that reality. In fact, nearly 90% of IT professionals polled in a recent InformationWeek survey on mobile security said their organizations permit the use of personally-owned devices, or are moving in that direction. Every day, more organizations are adopting BYOD (bring your own device), often through formal programs and policies. Few technologies are expected to have as great an impact on business operations over the next few years. In a May 2013 report, the McKinsey Global Institute concluded that the mobile Internet would have the largest economic impact among all “potentially economically disruptive technologies.”
Mobile security challenges
With increased mobile device use comes a series of potential drawbacks. The increased threat of cyber attacks on mobile devices can result in data loss, security breaches, and compliance/regulatory violations. That leaves IT organizations scrambling to come up with the right mix of mobile security defenses in order to balance protection, governance and user flexibility. Because so many employees are using consumer-class smartphones and tablets as PC replacements, organizations recognize that they must be extra vigilant against malicious theft attempts, denial-of-service attacks or potentially disastrous end-user carelessness.
One of the biggest challenges for IT leaders is making sure that their users—and business leaders—fully understand the implications of faulty mobile security practices. And they are trying to get users and management to put in place essential steps to secure their mobile devices. For many organizations, overcoming mobile security challenges is a full-time task, with a host of operational issues.
For instance, in healthcare settings the typical clinician now uses more than six different mobile devices every day, according to IDC. As the use of mobile devices becomes embedded in organizations’ core business processes, a number of misconceptions and myths are making IT decision-makers’ jobs more difficult than ever.
Top 5 myths about mobile security
Myth 1: Everyone needs full rights to all network-based data and services.
This is a common lament for IT organizations. An end user’s title or job function shouldn’t mean they have access to all applications and services—at least not all the time or under all circumstances.
Segregating network data, applications and services is a security best practice. IT professionals need to implement security software that automatically manages identities and access for all employees and contractors.
Myth 2: Employees are savvy about proper use of mobile devices and can be trusted to avoid risks.
It’s true that many users are quite savvy about accessing data and applications using mobile devices. But that doesn’t mean they’re using smart security practices.
It’s hardly unusual for an IT manager to stroll around a department and find passwords written on Post-it notes attached to monitors or desks. At the same time, IT’s repeated attempts to encourage users to change their passwords regularly and avoid using easy-to-crack passwords are often ignored.
The trend known as bring your own software or services (BYOS) is another area of growing concern, when an employee uses applications for both work and personal use to access information and services behind the corporate firewall.
IT organizations must put in place policies for locking and wiping lost or stolen devices, and there are security solutions that can do that quickly and automatically according to organizational policies. Finally, keep in mind that not all users regularly update their device software—especially security patches and new encryption schemes.
Myth 3: Data protection is a concern for company executives, not rank-and-file employees.
This is a dangerous misconception for a number of reasons, not the least of which is that malware attacks most often strike from the web. Unless a user’s personal mobile device has been properly and regularly protected, it’s an open invitation to any number of malicious attacks. Web attacks not only put corporate data at risk, but also seriously undermine user productivity because access to data, applications and services is denied. Employees end up losing the use of their personal devices for work while IT organizations search for the cause of an attack and fortify the device against future attempts.
Then, there are the legal issues. Users don’t like being dragged into discussions with attorneys and compliance officers about whether they regularly follow company policies and security protocols. It’s important that all mobile device users not only understand organizational best practices, but also recognize their role as the potential weak link in the security chain protecting corporate assets.
Myth 4: BYOD compliance programs are unnecessarily rigid and inhibit user flexibility.
BYOD compliance mandates don’t have to be a burden on users. Well-established guidelines and automated mobile device management tools can save time and money, making users happier and more secure.
Myth 5: Encryption is a security issue, not an operational one.
By now, it’s clear to IT departments and their business stakeholders that personal mobile devices and the data on them must be protected with strong encryption schemes. Encryption does more than protect company data. Users certainly care that their personal data, applications and services are safe and secure, and that their devices can’t be improperly used if they are lost or stolen.
Proper encryption of mobile devices is a vital element in most organizations’ disaster recovery and business continuity plans. And it should be regarded as an operational imperative for all users, not just a technical requirement for the IT team to worry about.
What to look for in a mobile device security solution
First, you’ll need to make sure your security solutions can support a wide variety of devices. This includes hardware platforms like Apple, Samsung and BlackBerry, along with their operating systems (such as Android, iOS, BlackBerry and Windows Phone 8).
Your mobile security solutions will need to seamlessly integrate with your infrastructure and services framework, so look for security solutions with strong application management and control features. You’ll also want the ability to block unwanted applications from executing, as well as to deploy required applications.
Naturally, your security platform must incorporate not only industry-standard security best practices, but also policies unique to your organization. It must include robust data encryption and data protection from the outset, not added on after the fact. Finally, policy management and compliance protocols are an essential part of today’s mobile device security solutions.
Sophos’ mobile security solutions
Sophos Mobile Control (SMC) is a long-established and highly-regarded security software suite that includes essential mobile security functions such as device management, encryption, security, application management and data protection. SMC supports all popular device platforms, including iOS, Android, Samsung SAFE, BlackBerry and Windows Phone 8. You can deploy SMC either on-premise or using a Software-as-a-Service model. And Sophos works closely with numerous managed service providers who offer a no-worries, pay-as-you-go managed service.
The solution ensures that only compliant mobile devices have access to corporate email and data, and that devices out of policy compliance are locked or wiped if lost or stolen. The Sophos Mobile Encryption app gives users the ability to securely access encrypted files stored in the cloud, with Dropbox, Egnyte and other storage provider integration for transparent use. Sophos’ SafeGuard Enterprise Encryption for Cloud Storage from a Windows workstation integrates tightly with Sophos Mobile Encryption, enforcing password complexity. SMC also supports an add-on application, Sophos Mobile Security, to protect Android devices against web-based attacks.
Conclusion
IT organizations are being asked to embrace and support user demands to access essential data, applications and services on tablets and smartphones. And this trend will only accelerate in the coming years. That puts major pressure on IT and security teams to ensure that those devices are used in accordance with policies and best practices designed to safeguard corporate assets.
IT leaders have discovered that there’s a very fine line between giving mobile users the freedom and flexibility to use personal mobile devices, and potential disaster brought on by faulty technology, inappropriate user behavior, or both.
Fortunately, mobile security solutions available today can support all hardware and software platforms and offer automated prevention and remediation of problems.
Sophos Mobile Control is a richly featured, highly automated security suite for mobile devices across a variety of platforms. Its tight integration of device management, security, data protection, compliance management, encryption and other security measures makes it a smart choice for IT decision-makers.