IT Mobile Technology and Security
Gartner research paper
Agenda Overview for IT Operations Management published on Jan 3rd, 2014 states that
The Nexus of Forces — the converging and mutually reinforcing social, cultural and technological factors of cloud, mobility, social and information — is driving a radical shift in power away from the enterprise and toward the individual.
More and more users and businesses use smartphones as communication tools but also as a means of planning and organizing their work and private life. The mobile security concerns are mainly focused on three core aspects: identity, privacy, and compliance. This ensures that mobile devices are compliant with regulations throughout an Acquire-Deploy-Run-Retire device lifecycle, as defined by the company.
The risks associated with mobile devices as described in ISACA white paper include:
- Information interception resulting in a breach of sensitive data, enterprise reputation, adherence to regulation, legal action.
- Malware propagation, which may result in data leakage, data corruption, unavailability of necessary data, and intrusion on enterprise network
- Device corruption, lost data, call interception, possible exposure of sensitive information
- Exposure of sensitive data, resulting in damage to the enterprise, customers or employees
- Workers dependent on mobile devices unable to work in the event of broken, lost or stolen devices and data that are not backed up
- Data exposure, resulting in damage to the enterprise and liability and regulation issues
- Data leakage, unknown data loss in the case of device loss or theft
eInnosec follows framework based approach to ensure that security implementation does not miss any vital security areas that need to be considered. The security concerns are inherent in mobile device use, and approach recommends that organizations use a technology solution that centralizes mobile device management at the enterprise level to secure mobile devices used by employees. EInnotech approach ensures that security involves Governance too.
The top goals focused on:
- Account for and protect all mobile technology assets
- Aligning the Mobile technology strategy to the business strategy
- Maintaining the security of mobile information, processing infrastructure, and storage
- Making sure reliability mobile IT services and meets service level requirements.
- Ensuring compliance with laws and regulations
- Translating mobile business functional and control requirement into effective and efficient automated solutions
- Drive mobile technology commitment and support of executive
- Improving mobile technology cost efficiently
eInnosec services include:
- Implementing Mobile Device Management Solutions
- Mobile security implementation: Detecting attacks that enter via network application, and ports and services, mobile security policy development and implementation, aligning policies for future BYOD implementation, locking risky mobile device features such as cameras, Bluetooth, and SD card readers.
- Mobile application management: Assisting with white listing/black listing applications, block specific types of apps based on categories, inventory management and reporting for better visibility of apps used across devices, groups, company.
- Data Protection: Protecting data on lost or stolen devices with remote lock and wipe, implementing DLP policies, encryption, and compliance, blocking jail broken or unencrypted devices, etc.