Mobility: The CISO's New Agenda

September 13, 2012

Summary

From the onslaught of diverse mobile devices to the escalating trend around BYOD, CISOs are grappling with a host of new security challenges that need to be addressed with the same rigor reserved for traditional enterprise security in order to mitigate business risk.
From communicating and prioritizing IT risks in business-relevant terms to managing the juggernaut that's become the Bring Your Own Device (BYOD) movement, Chief Information Security Officers (CISOs) are increasingly under pressure to accommodate changes in working style that are pushing mobile security concerns to the forefront.
The numbers paint a very telling story. According to various projections by market research leaders Gartner, Forrester Research, and International Data Corp., we're on the precipice of a mobile device explosion, with the number of smartphones set to surge by 340% between 2010 and 2015 to 1.01 billion units and tablet sales skyrocketing by more than 2,170%, up to 326 million units in the same time frame. The flurry of devices is fueling a new mobile working style. A survey by Check Point reveals that 65% of enterprises already allow mobile access to their networks while Forrester says that 52% of workers tap at least three mobile devices on the job. To "feed the beast," so to speak, organizations are now commonly making line-of-business applications accessible from a mobile device, and Symantec's recent State of Mobility Survey showed that nearly three quarters of respondents (71%) were looking at implementing a corporate store to facilitate access to this new crop of mobile applications.
With any major paradigm shift comes a wealth of new security headaches and business risk exposure, and the mobility trend is proving to be no exception. Respondents to the Symantec State of Mobility Survey ranked mobility as the leading IT risk, more so than other initiatives like virtualization and public cloud computing. Device loss, data leakage, malware infection, and unauthorized access to corporate resources were ranked as top concerns, and the survey found most companies lacking in formal policies around BYOD as well as in proper education for employees on mobile security risks.

Five Pillars of Protection

Given the increased scope of exposure, experts are calling on CISOs to step up efforts to address mobile security with the same urgency and rigor reserved for traditional IT infrastructure. Effective Mobile Device Management (MDM) tools and strategies can help companies manage the shift to BYOD, whether it's setting and enforcing security controls and policies on personal devices used in the enterprise or simply protecting the business-relevant applications and data necessary for getting the job done.
There are five foundational pillars for ensuring robust levels of protection:
User and application access management. Mobile devices need to pass the same muster as traditional devices in terms of knowing who is accessing what type of system. Therefore, strong authentication and control technology, extended to both public and private cloud services, is critical and must encompass a variety of token-based authentication options along with additional token-less layers of security that go beyond traditional user name and password logins.
Device management. The plethora of mobile devices in the workplace, even those that are personally owned, need to be configured, controlled, and managed just like traditional devices. Therefore, IT requires a comprehensive mobile device management platform, integrated with widely deployed system management frameworks for PCs and Macs, to orchestrate everything from self-service enrollment and setting up identity certificates to having centralized visibility and controls over iOS, Android, and Windows units. Capabilities for establishing passwords, application restrictions, and a remote wipe function in the event a device is lost or stolen are also essential.
Application and data protection. In many organizations, it's not about safeguarding the physical personal device, but rather establishing protections on the applications and content relevant to the business. A comprehensive mobile app management strategy should include an application store, used to establish policies for securing app delivery, complete with passwords, jailbreak compliance, and user authentication, while also allowing for centralized visibility and control and automated workflows. The ability to containerize apps by wrapping them in policies that will prevent app-to-app communications will allow corporate apps and data to co-exist with personal apps and data on the same device without threat of compromise.
Threat protection. Securing email and preventing malware remains a top priority for CISOs, and the mobility and BYOD trends exacerbate the challenge significantly. According to the Symantec 2012 State of Mobility Survey, 67% of enterprises are worried about malware attacks spreading from mobile devices to the internal network, with Android devices being a top concern. Organizations need a comprehensive platform for securing and managing mobile devices along with advanced threat intelligence, all of which is integrated with enterprise systems.
IT risk and compliance. BYOD means that more devices than ever are connecting into the corporate network, which can complicate risk management and introduce new threat vectors. Organizations need to extend their security standards to these new devices and conduct frequent assessments to ensure the standards are being met. In addition, BYOD and mobile mean more devices than ever have personally identifiable data stored on them. This dramatically expands the scope of compliance initiatives, and organizations need to apply data protection controls to these devices and be ready to produce reports for their auditors.

Symantec Mobile Solutions Can Help

With the proper pillars in place, there is actually an opportunity for security professionals to capitalize on the promise of mobility. The ability to receive real-time security incident reports and threat data on a phone or tablet device arms security professionals with the right intelligence and metrics to make proactive decisions while also reducing the time between the discovery of a threat and initiating a proper response. Handheld devices also foster new ways of interacting with peers, and enhanced dashboards and visualization capabilities can help better communicate security risks in terms the C-level suite and business managers can readily understand.
Symantec has a full portfolio of solutions for helping organizations secure, enable, and manage the mobile enterprise and keep a handle on BYOD without disrupting the user experience.
Managed PKI and the O3 platform will extend company credentials to both public and private cloud services and aid in user and application access management. Symantec Mobile Management delivers a comprehensive MDM solution that can operate in standalone mode or integrate directly with widely deployed system management platforms like Symantec Endpoint Management Suite or Microsoft System Center Configuration Manager for unified device management. Symantec App Center, born from the Nukona acquisition, is an app store that has the ability to create flexible containerized apps so that business and personal apps and data can co-exist with the appropriate security policies. To safeguard against the increased threat of malware attacks, Symantec Mobile Security, bolstered by the Symantec Global Intelligence Network, delivers enterprise-grade security to mobile devices as part of a broader, integrated security framework, and Symantec Protection Center Mobile serves up dashboard and console capabilities for the professional, presenting risk views across Symantec and other security platforms. Finally, Symantec Control Compliance Suite 11 can give IT shops the visibility and controls to lead the enterprise in making better decisions around IT business risk.
With business risk exposure at an all-time high and the mobility and BYOD movement showing no signs of abating, it's incumbent on CISOs to adopt strategies and embrace tools that not only address new security requirements, but do so as part of an enterprise effort that integrates both the mobile and traditional IT landscapes. To find out more about how Symantec's family of integrated mobile security and IT risk management tools can help your organization deal with the onslaught of mobile devices and the BYOD trend, go to Symantec Mobile Solutions.
