On the Road to Security
The increasing adoption of mobile, cloud, and other technologies is enabling new levels of productivity, business agility, and convenience. These disruptive technologies, though, are also disrupting the perimeter, making traditional perimeter-based defences less effective.
Couple that with the emergence of identity as a major threat vector and you have the potential for a perfect storm of exposure.
According to the Information Security Community’s 2016 BYOD & Mobile Security Report, 67% of CIOs and IT professionals believe that mobility will impact their organizations as much as, or more than, the Internet did in the 1990s. With 12.1 billion mobile devices projected to be in use by 2018, mobility’s influence cannot be ignored.
Mobility, though, poses unique risks, from unsecured networks to infected mobile apps to physical loss of devices. Taking command of your security posture in today’s landscape of mobility and increased risk involves rethinking your security strategy – particularly around identity. Here are some points to consider:
Do You Know Who Your Mobile Users Are?
Mobile users want convenient access anywhere, anytime, from any device. How do you know, though, that the person on a smartphone is the authorized user? According to the 2016 Verizon Data Breach Investigation Report, 63% of confirmed data breaches involved leveraging weak, default, or stolen passwords.
The majority of devices utilize only password protection as a security measure. In addition, only 38% of organizations say they proactively remove data from mobile devices when employees leave the company – a potentially serious issue if corporate data, or access to that data, is resident on those devices.
These practices leave mobile devices vulnerable and at high risk of having user credentials compromised, which, in turn, can expose your systems and data to cyber threats.
User Convenience
The growth of consumer applications on smartphones and other mobile devices is setting the bar higher in terms of user expectations of convenient access. This is creating increased pressure for organizations to implement similar consumer-based authentication methods (e.g., push notification, fingerprint readers) in the workplace. After all, once you get used to Touch ID, who wants to go back to memorizing a complex 30-digit password that changes weekly?
Risky Behaviour
There are a number of security risks associated with mobile apps, beginning with a lack of policy around their download and use.
According to Ponemon Institute’s State of Mobile Application Insecurity study, 55% of organizations allow their employees to use and download business apps on their personally owned devices (BYOD); 39% allow employees to use their personal mobile apps on company-assigned mobile devices.
Phishing threats and risky user behaviours, including password reuse between personal and corporate apps on these devices, tapping into unsecured Wi-Fi networks to access corporate systems, and use of social networking, can all expose mobile users’ credentials to potential theft.
Mobile App Security Concerns
In tandem with the lack of corporate policy around mobile app use is the increasing risk of malware-infected apps.
The same Ponemon study indicates that developers often neglect security when building mobile apps, “potentially exposing their customers’ data because they don’t scan the code for vulnerabilities.” Reported reasons include rush-to-release pressures, a lack of QA and testing, and a lack of clear security requirements.
In his blog on these findings, Larry Ponemon notes that while mobile app development certainly will continue, the lack of focus on mobile security positions mobile apps for increasing security risks as cybercriminals become more sophisticated and aware of these vulnerabilities.
Reimagining Your Mobile Security
Mobility offers tremendous business benefits. At the same time, it poses distinct security risks. Taking security “on the road” begins with solving two fundamental challenges: are your users who they say they are, and do they have the right access?
Forward-looking identity assurance solutions such as RSA SecurID® Access offer a comprehensive set of capabilities including access management, multi-factor authentication, and risk analytics.
Modern solutions provide multiple convenient and secure ways to authenticate all of your users, analyse their behaviour and context, and assure that the right individuals have the right levels of access – from anywhere and any device. The bottom line? If you want to be confident that users are indeed who they say they are, that they have convenient access to what they should, and that compliance is tracked to minimize risk, start with a security solution that protects your mobile endpoints against identity threats with convenient AND secure access. Talk with our RSA security expert today. Better yet, visit c4secure.co.uk and contact us to sign up for a free trial.