| Executives March 31, 2017
March 31, 2017
Cybercrime goes where the value is and the value is increasingly going to be in the data that sits in cloud services and the mobile devices that access them. Paying attention now can help you be in a much better security position later.
In every business there must be balance. This is especially true when looking at the IT and security functions. Both teams should embrace and protect the technology their employees use to get work done, but sometimes these teams work against each other.
For example, if it is the IT team’s goal to “keep devices up and working,” and a security team is mandated to “ensure all threats are stopped immediately,” the IT team will try to prevent devices from going offline while the security team will want to take devices offline to stop any threats from spreading and doing damage.. They work against each other.
In order to properly prepare for the future, “You need combined incentives so you’re not working against each other,” according to Phil.
This means creating balanced security policies that embrace usability and productivity by focusing on the mobile environment itself. In other words, security teams must gain visibility into the broad spectrum of threat vectors/risks associated with mobile device, while not blocking an employee’s access to important apps.
Preparing for the future isn’t easy, but that doesn’t mean we can ignore the policies and regulations we have in place today. There are over 190 nations in the world and a growing number of them have privacy regulations.
This especially true when thinking about the mobile device and how much data can be access and transmitted through apps outside of the enterprise.
“There is virtually no way to do all the things that you want to do in terms of making sure your devices are appropriately monitored and still stay in line with all of the requirements — you’re going to have to make some compromises,” Phil explained.
In the not-so-distant past enterprises looked at mobile risks as an employee getting his phone stolen. With threats like Pegasus, and the reality of remote attacks, we must have the same level of concern for mobile attacks as for the desktop environment.
The move to mobile and cloud acts as a forcing function for security and IT teams to evaluate their overall security posture. Embracing that these threats are already here will put your enterprise into a much stronger position when the mobile risks to your corporate data start inundating your organization.
Learn more about the state of mobile security from CISO and current CEO of TAG Cyber Ed Amoroso in his video on evolving architecture, insufficient MDMs, and dead perimeters.
If you want to learn more about mobile security and get a personalized look at the needs of your specific organization, get in touch with us today.