Is a mobile-first strategy in your future?

The emergence of mobility in business is requiring companies to adapt

by Charles Cooper

Companies are scrambling to accommodate the fast-growing number of employees demanding to use their personal devices to access work files for their jobs – regardless of location or time zone.

But as mobility becomes an integral part of business strategy, it also exposes enterprise data to potential new risks.

The mainstreaming of the anytime business culture should be incentive enough for organizations to integrate mobile device security into their overall cybersecurity strategy. That’s where there has been a disconnect.

Insufficient protection

Organizations have been slow to respond to the shift.

A recent survey by Check Point found that only about 38 percent of companies have deployed dedicated threat defense solutions around mobility. In addition, just more than one-third of the security professionals in the same survey offered a bleak assessment, saying that their companies’ mobile devices were not sufficiently protected or secure.

Businesses don’t have a lot of time to sit around. As more employees move beyond the traditional corporate firewall, cybercriminals are targeting mobile devices with phishing attacks or embedding malware into legitimate mobile applications.

Integrating mobility into enterprise defense

Organizations should fashion a security framework that accounts for the changes ushered in by the shift to mobility. But simply bolting mobile capabilities onto existing processes and tools – which a majority of companies in the Check Point survey are doing – isn’t enough to meet the added security challenges.

Don’t assume that it’s enough to only set up an antivirus solution and a firewall. That may have worked in a previous era, but mobility has ushered in a very different threat landscape and data protection solutions need to evolve accordingly.

For example, companies must now support a range of usage models – accounting for both corporate-owned and personal mobile devices that employees bring to work. They also need to devise ways to separate work and personal data on their workforce’s mobile devices.

The need to adapt

Furthermore, a mobile-first business strategy requires companies to adapt – in some cases, even overhaul – their existing business processes to advance the cause of digital transformation.

When it comes to the goal of creating consistent mobile security throughout the stack, the focus should be on securing data across the different levels of the organization. That focus should include equipping IT with features such as:   

  • Centralized access management   
  • Role-based permissions   
  • Advanced encryption   
  • Capability to manage passwords   
  • Remote content wiping

Plans and processes

Additionally, IT should create an architecture and a process to create consistent mobile device management and user-support policies governing the use of mobile devices inside the organization.

Organizations also need to plan how they will handle provisioning in order to securely separate personal and corporate data on personal devices. If your organization doesn’t have the expertise to pull this together, outside experts can help.

As always, organizations should plan a layered defense with basic security technologies, including:   

  • Encryption   
  • Mobile application management and mobile device management technologies   
  • Threat-intelligence subscription services   
  • Information and event management technologies   
  • Incident monitoring

The takeaway

Mobility is an obvious boon to modern digital enterprises, but without due attention to the security implications, your mobility-first plans won’t be worth the paper they’re written on.

Learn more about securing your company’s mobile devices on the AT&T Mobile Security page.