Keep Your Enemies Closer – Bringing Mobile Devices into the Security Fray

“Keep your friends close, and your enemies closer.” Attributed to Machiavelli and Sun Tzu, this truism points to the importance of keeping a close eye on those that can hurt you the most.

Against a backdrop of unprecedented growth in smartphones and tablets in the enterprise, IT and security professionals – with an increasingly unfunded mandate – are under intense pressure to say yes to mobile devices on the corporate network.

This drive to support enterprise mobility arrives on the heels of more than a decade of billions of dollars of collective investment in compliance. Following several high profile data breaches and in response to substantial regulatory and industry policy, corporations around the world have erected security infrastructures to lock down, manage, monitor, and report on the security of corporate IT environments. What resulted was a reasonably effective security infrastructure that allowed IT and security professionals to set access and security policies, enforce those policies, and then prove compliance and certification to auditors.

Today’s influx of mobile devices threatens that model. The countermeasures, processes, and policies that were put in place over the last several years rely on more traditional data center-centric client/server approaches, fixed-line infrastructure, and a defined network perimeter that more often than not rests at the physical perimeter of the organization. They don’t easily incorporate mobile devices. To deal with this, some organizations are creating a second rudimentary security silo to manage and secure mobile devices. Some are ignoring the gaps or half-managing them with the hope that a major data breach does not occur on their watch. But organizations that are ahead of the curve recognize that these devices can cause them harm, and – just as a good dictator keeps his enemies close – are bringing those devices into the existing security infrastructure so they can manage them like any other endpoint.

Granted, we are McAfee and are a little more focused on mobile device management as a security issue. But we are hearing from our customers that the biggest challenge of mobile devices is security and compliance. And we believe that one way to combat the security and compliance challenges posed by devices is by bringing them into the security fray – seeing and reporting on them alongside other endpoints, deploying technologies like anti-malware to them when we deploy to other endpoints, protecting their web access as we do other endpoints, preventing data leakage, and so on. Here at McAfee, we’ve invested a great deal of time in understanding these issues with our customers and we’ve invested both time and money in integrating our mobile device management technology with our other security technologies to create one, single security silo. This is in-line with McAfee’s Security Connected open framework for integrating security across the IT infrastructure, as well as with our customer needs.

Keep your eyes peeled for upcoming updates from us on this topic, including a white paper. We’ve also asked Jack Gold, a leading mobile and security expert, to hold an educational (not touting-our-wares, we promise) webinar on the steps to mobile security on Wednesday, 4/27 at 11am PT. Please join us! We will also be live-tweeting the webinar on Twitter from @IntelSec_Biz using the #MFEWebinar so feel free to check out the feed for live updates during or after the webinar. If you have any questions during the webcast, you can submit them via Twitter to have them answered in the feed.

Leave a Comment

3 × five =