The new Normal of Enterprise Mobile Security Date:   Thursday , April 11, 2013 Enterprise Security is not new but the challenges it throws at CIOs to constantly innovate and go extra mile are seemingly increasing. The proliferation of consumer mobile devices into the enterprise work networks and BYOD policies have are driving the new normal in the enterprise security space. IT organizations have been constantly implementing security and network, data safeguarding practices through a variety of enterprise wide policies and tools. Sadly, this still is not enough. Enterprises have found themselves at the crossroads of strict security policy implementation and best practices that extends to mobile devices. Mobile devices (including smartphones and tablet) are not just another "hole" in your network that pumps/ consumes the data, but they are business critical too. And yet, CIOs have most critical responsibility to protect data by opening it to wider access. The enterprise mobile security today is a combination of effective implementation of existing policies and robust mobile solutions. The mobile security can start with extending the IT policies to mobile devices or computers and then effectively building it into the solutions. Hence, devising the security implementation by understanding enterprise mobile risks, designing a mobile security policy and selecting a robust mobile security strategy is the new "Normal" of the Enterprise Mobile Security! Security Approach Enterprise Mobile security must be built on a robust framework for the solution that is safeguarded by using best of the breed mobile device management (MDM) solutions. While MDM protects the devices and network from unauthorized access and device safeguarding, the well thought out security framework should be complement throughout the layers of access for the mobile applications. The layers of access include – Device, network transit and overall application landscape. Practically Enterprises must build the overall solution and strategy to depend on more than one layer of validations. If you have already invested on VPN networks, or any form of two or more factor authentication, consider it extending to the mobile solutions. Often mobile applications need one or more connection points into the network. More the number of interfaces, higher are the security risk. Consider using a common middleware enterprise application platform (MEAP) that allows single point of connection to the various mobile solutions and in turn connect with internal enterprise solutions. Important ingredients of Enterprise Mobile Security To further elaborate, the multilayered security approach entails the following considerations - Application Level security, Network level security and device Level Security. The application level security mainly encompasses Runtime Protection and can be implemented through specialized frameworks such as EnSURE (Endeavour Secure Unified and Reliable Enterprise). The network level security can be dependent on VPN, SSL/ TLS or WPA based transmission channels. The device level security can be handled through use of robust Mobile Device Management (MDM) solution. The data security on the device can also be viewed in different modes such as Access Mode (Authentication and Authorization), Storage Mode (Encrypt, sandboxed). Security requirement of a mobility solution must be assessed in various stages of the project life cycle such as architecture and design, development and deployment. www.techendeavour.com