During last month’s #SecChat, many issues around mobile security were raised and many open questions still remain unanswered. The discussion brought up some key points on securing mobile devices with more than 35 contributors tweeting over 230 #SecChat hashtag mentions.
When talking about the best practices for IT security regarding mobile devices, it was a fairly unanimous view that security is not a matter of limiting access to devices but instead creating policies and education measures to empower employees. This was echoed and reinforced by Jaime Barnett at McAfee who recently blogged that in order to improve the current state of mobile security, policy must change. As @Andrewsmhay states, many people still see mobile devices as toys and mobile security should be at the forefront of an organization’s mind.
However, answers were less definitive when the chat opened up questions about the effects on the security perimeter and whether there is still a security perimeter with the advent of mobile devices and connections. With the consumerization of IT, the perimeter no longer concerns only device security but also the security management of cloud, virtualization and the transit of data over the Internet in general. Many agreed that the prevention of downloading non-secure apps is a good practice. As mentioned by @joshcorman, perhaps a security score for apps in stores is an effective way to ensure that only secure apps are downloaded. Chat participants agreed that the question of who would score the apps and how the apps would be scored is still unanswered, but as @joshcorman emphasizes, apps will become a huge part of mobile security and the more brainstorming and thoughtful the analysis, the better.
The conversation then turned to cloud security as @Gacevedo brought up the point that devices do not need to hold corporate data now that networks are fast enough to allow for downloading on-demand from the cloud. Although, as @amorguy states, CISO’s may be more accepting of the tangible mobile device over the intangible consideration of the cloud.
At the end of the chat, many great topics and considerations were raised for those working to secure mobile devices. We can conclude from the conversation that policies will need to change and corporations will need to focus on educating and empowering the end user/owner of the device. However, specific questions remain unanswered. With apps constantly changing, will they ever really be fully secure? Will providing education for employees be too expensive? How should policies be structured moving forward? To quote Jamie from her blog post on mobile security policies, “We can’t fix the problem with technology and education is prohibitively expensive, we should be looking at the policy or how we apply the policy. Start with the user.”
At McAfee, we’re working to make BYOC (Bring Your Own Computer) easier for the IT department to support with our enterprise mobility management (EMM) solutions and through our acquisition of WaveSecure, our partnership with Citrix around VDI and our solutions around NAC, IPS, DLP, encryption, threat intelligence and centralized management with ePO.
Readers, what are your thoughts on mobile security and what do you think are the biggest issues facing corporations moving forward? Leave a comment below and share your thoughts with us.
Additionally, we’ll be hosting this month’s #SecChat on security threats and cyber espionage tomorrow, Thursday, March 3rd at 11:00am. With threats like the Night Dragon earlier this month, we wanted to kick off the conversation about the latest security threats and how corporations should protect their sensitive data and intellectual property. We hope you can join us tomorrow and look forward to hearing your thoughts.
Logistics: How do I participate in #SecChat?
- Simply follow the #SecChat hashtag (via search.twitter.com or a Twitter client) and watch the real-time stream.
- At 11am PT @McAfeeBusiness will pose a few questions to participants around securing mobile devices using the #SecChat hashtag to get the conversation rolling.
- Tweet your questions, comments, thoughts using the #SecChat hashtag. @reply other participants and react to their comments via #SecChat. Engage!
- #SecChat should last about an hour.
Questions before tomorrow? Feel free to tweet @IntelSec_Biz using #SecChat for more details. Hope you’ll join us!