According to a 2015 survey by Spiceworks, the use of smartphones in the workplace has grown by 66 percent, and tablets by 73 percent, over the past three years. Meanwhile, growth in the use of desktop PCs has stagnated. Over the coming three years, it is anticipated that growth in the use of mobile devices will continue at comparable rates. The ability to embrace enterprise mobility allows for a more connected, productive workplace. However, survey respondents say that mobile security remains as one of the top challenges when enabling a mobile workforce.

The Need for a Multilayered Mobile Data Security Model

To manage security in a mobile environment, enterprises need to implement a multilayered security model. The first step is to develop a mobile device policy, part of which includes determining whether or not the use of personal devices, or Bring Your Own Device (BYOD), is permitted. If so, what restrictions are to be placed on the types of devices allowed?

Then, organizations should decide upon a mobile security system in the form of mobile device management (MDM) or enterprise mobility management (EMM) solution for enforcing policy. They should look for a technology that provides a single point of security administration. All users and devices should be required to authenticate on this platform before they can access corporate resources. IT can provide lower levels of access to those devices that do not meet the required security posture or that are accessing from an unsecured location, such as a Wi-Fi hotspot. Inversely, they can require higher levels of authentication or the use of a VPN. Where any policy violations occur, the platform should provide automatic monitoring and reporting capabilities. MDM is particularly useful for managing the basic capabilities of mobile security, such as ensuring correct configuration of devices, enforcing strong passwords or authentication and remotely locking or wiping devices that have been lost or stolen.

Look Beyond MDM for Higher Levels of Mobile Security

However, organizations need to look beyond MDM in order to ensure mobile data security and application security. According to a 2014 study by Forrester Research, mobile data and application security concerns, including the separation of work and personal data, are among the top challenges that organizations face as they plan for the deployment of a mobile security program.

For managing data and applications, organizations should look for a comprehensive security platform such as Samsung KNOX that actually secures the device at both the hardware and software layer. The system should support encryption of data in transit and at rest. It should also provide containerization, which separates work and personal data, for the security of sensitive company information and for protecting the privacy of users.

Containerization solutions, such as KNOX Workspace, are also useful for application security because they allow organizations to restrict what may be installed in the work container through whitelisting or blacklisting. The system can also control functionality access for a particular application. Through back-end integration with a dedicated mobile app store, organizations can distribute apps to users or allow them to pull the ones they need from a preapproved list. For user convenience, organizations should support single sign-on to multiple applications. For added security, especially in terms of malware, hacking and data leakage protection, provide a sandbox within the security system.

Mobile devices have become a critical tool in most organizations for enabling productivity and for satisfying users’ needs and wishes. Mobile security is too important to be left to chance. A multilayered security strategy will not only safeguard sensitive information and protect users, but it also gives the peace of mind needed for extending bring-your-own-device (BYOD) programs, and for embracing the promise of convenience that is heralded by the Internet of Things.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL

View more posts by Fran Howarth