point
Menu
Magazines
Browse by year:
April - 2013 - issue > View Point
The new Normal of Enterprise Mobile Security
Avinash Birnale
Co-founder & Vice President-Technology-Endeavour
Thursday, April 11, 2013
comment
print
Enterprise Security is not new but the challenges it throws at CIOs to constantly innovate and go extra mile are seemingly increasing. The proliferation of consumer mobile devices into the enterprise work networks and BYOD policies have are driving the new normal in the enterprise security space.

IT organizations have been constantly implementing security and network, data safeguarding practices through a variety of enterprise wide policies and tools. Sadly, this still is not enough. Enterprises have found themselves at the crossroads of strict security policy implementation and best practices that extends to mobile devices. Mobile devices (including smartphones and tablet) are not just another "hole" in your network that pumps/ consumes the data, but they are business critical too. And yet, CIOs have most critical responsibility to protect data by opening it to wider access.

The enterprise mobile security today is a combination of effective implementation of existing policies and robust mobile solutions. The mobile security can start with extending the IT policies to mobile devices or computers and then effectively building it into the solutions. Hence, devising the security implementation by understanding enterprise mobile risks, designing a mobile security policy and selecting a robust mobile security strategy is the new "Normal" of the Enterprise Mobile Security!

Security Approach
Enterprise Mobile security must be built on a robust framework for the solution that is safeguarded by using best of the breed mobile device management (MDM) solutions. While MDM protects the devices and network from unauthorized access and device safeguarding, the well thought out security framework should be complement throughout the layers of access for the mobile applications. The layers of access include – Device, network transit and overall application landscape. Practically Enterprises must build the overall solution and strategy to depend on more than one layer of validations.

If you have already invested on VPN networks, or any form of two or more factor authentication, consider it extending to the mobile solutions. Often mobile applications need one or more connection points into the network. More the number of interfaces, higher are the security risk. Consider using a common middleware enterprise application platform (MEAP) that allows single point of connection to the various mobile solutions and in turn connect with internal enterprise solutions.

Important ingredients of Enterprise Mobile Security
To further elaborate, the multilayered security approach entails the following considerations - Application Level security, Network level security and device Level Security.

The application level security mainly encompasses Runtime Protection and can be implemented through specialized frameworks such as EnSURE (Endeavour Secure Unified and Reliable Enterprise).

The network level security can be dependent on VPN, SSL/ TLS or WPA based transmission channels. The device level security can be handled through use of robust Mobile Device Management (MDM) solution.

The data security on the device can also be viewed in different modes such as Access Mode (Authentication and Authorization), Storage Mode (Encrypt, sandboxed). Security requirement of a mobility solution must be assessed in various stages of the project life cycle such as architecture and design, development and deployment.

www.techendeavour.com

Twitter
Share on LinkedIn
facebook
Disclaimer
Messages posted on this Web site under the `Comments' area are solely the opinions of those who have posted them and do not necessarily reflect the opinions of Infoconnect Web Technologies India Pvt Ltd or its site www.siliconindia.com. Gossip, mud slinging and malicious attacks on individuals and organizations are strictly prohibited. Infoconnect Web Technologies India Pvt Ltd can not be held responsible for errors or omissions in content, nor for the authenticity of the user/company name or email addresses associated with posted messages. Infoconnect Web Technologies India Pvt Ltd reserves the right to edit or remove messages containing inappropriate language or any other material that could be construed as libelous, potentially libelous, or otherwise offensive or inappropriate.Infoconnect Web Technologies India Pvt Ltd do not endorse the products and services or any other offerings mentioned in these messages.