Enterprise Security is not new but the challenges it throws at CIOs to constantly innovate and go extra mile are seemingly increasing. The proliferation of consumer mobile devices into the enterprise work networks and BYOD policies have are driving the new normal in the enterprise security space.
IT organizations have been constantly implementing security and network, data safeguarding practices through a variety of enterprise wide policies and tools. Sadly, this still is not enough. Enterprises have found themselves at the crossroads of strict security policy implementation and best practices that extends to mobile devices. Mobile devices (including smartphones and tablet) are not just another "hole" in your network that pumps/ consumes the data, but they are business critical too. And yet, CIOs have most critical responsibility to protect data by opening it to wider access.
The enterprise mobile security today is a combination of effective implementation of existing policies and robust mobile solutions. The mobile security can start with extending the IT policies to mobile devices or computers and then effectively building it into the solutions. Hence, devising the security implementation by understanding enterprise mobile risks, designing a mobile security policy and selecting a robust mobile security strategy is the new "Normal" of the Enterprise Mobile Security!
Security Approach
Enterprise Mobile security must be built on a robust framework for the solution that is safeguarded by using best of the breed mobile device management (MDM) solutions. While MDM protects the devices and network from unauthorized access and device safeguarding, the well thought out security framework should be complement throughout the layers of access for the mobile applications. The layers of access include – Device, network transit and overall application landscape. Practically Enterprises must build the overall solution and strategy to depend on more than one layer of validations.
If you have already invested on VPN networks, or any form of two or more factor authentication, consider it extending to the mobile solutions. Often mobile applications need one or more connection points into the network. More the number of interfaces, higher are the security risk. Consider using a common middleware enterprise application platform (MEAP) that allows single point of connection to the various mobile solutions and in turn connect with internal enterprise solutions.