SlideShare une entreprise Scribd logo
1  sur  4
Télécharger pour lire hors ligne
White Paper: Mobile Security



Mobile Security:

The Essential Ingredient
for Today’s Enterprise
                               In a well-publicized case, a data analyst em-
                               ployed by the U.S. Department of Veterans Affairs (VA) took his laptop
                               home to suburban Maryland. Burglars entered his home and stole
                               the laptop. Suddenly, the personal information of some 26.5 million
                               veterans was at risk. The incident became an international news story
                               raising caution flags about managed security at the VA.

                               Incidents like this one are not unusual today, and the risk is increas-
                               ing as the mobile workforce grows. Gartner reports that 83.9 percent
                               of businesses have a remote workforce, and by 2011 an estimated 46
                               million employees globally will telecommute at least one day per week
                               and 112 million will work from home at least one day per month.

                               Software and technology solutions help mitigate security risks and
                               safeguard organizations from threats, but they require IT staff to select,
                               deploy and maintain them. The problem is, today’s IT environments
                               are lean. This paper examines the current mobile security landscape,
                               including myths surrounding the risks and threats, and how organiza-
                               tions can establish a solid mobile security strategy.
Qwest White Paper: Mobile Security




The Mobile Landscape                                               a work-from-anywhere preference. However, working
                                                                   outside the office guarded by firewalls and intrusion
The mobile workforce is increasing. More than 17 mil-              measures can increase risks for businesses. Dispersed
lion Americans got their work done via telecommuting               employees have lower visibility than those in the office.
in 2008, a 74 percent increase over the previous three             It requires resources, time and technology to remotely
years, according to WorldatWork Telework Trendlines.               monitor and control which sites users visit, the informa-
How is this changing our workforce? Mobile work                    tion they exchange and the online connections they use.
encourages cross-pollination of different cultures with
                                                                   “Given our business as an international communications
fresh ideas and innovative practices for collaborative
                                                                   solution provider, our challenges are often compounded
teams. In a telecommuting survey sponsored by Robert
                                                                   by the need to support customers and business func-
Half International, 53 percent of respondents said the
                                                                   tions in a variety of locations,” says Michael Glenn,
ability to work at home is important to their employment
                                                                   director of Information Security and chief information
choice. In the most recent annual telework survey by
                                                                   security official (CISO) at Qwest Communications Inter-
CDW Corp., 40 percent of the respondents agreed that
                                                                   national Inc., a managed security provider.
“the option to telecommute would influence their deci-
sion to remain with their employer or take a new job.”             Employees now connect and work via wireless networks
                                                                   and Wi-Fi hotspots and expect to access data 24x7 from
On the one hand, teleworkers help alleviate the daily mi-
                                                                   their personal smartphones. Unencrypted wireless ac-
nutiae of managing in-house employees, giving manage-
                                                                   cess points often do not offer the security levels neces-
ment more time to strategically develop initiatives. But
                                                                   sary to protect corporate data. Unencrypted public wire-
on the other hand, a dispersed team of mobile workers
                                                                   less access makes it possible for an outsider to detect a
creates more work and new concerns for IT managers.
                                                                   user, enter a wireless network and potentially steal data.
For example, in a recent survey of CIOs, 45 percent said
                                                                   The same scenario is not true with encryption, where
they were not confident that their company’s policies
                                                                   data is modified to prevent access.
and security measures prevent mobile employees from
sending confidential information to unauthorized third             Unencrypted hotspots are causing concern about the in-
parties—such as sending company information from a                 tegrity and safety of wireless access; 47 percent of CIOs
laptop to a home PC (IDG Research Services on behalf of            and IT leaders say they are not very or not at all confident
Fiberlink Communications, 2008).                                   that their company’s policies and security measures pre-
Ensuring security is a formidable challenge for IT manag-          vent mobile employees from accessing the Internet via
ers. Mobility creates opportunity for hackers and preda-           unencrypted public wireless access points (IDG Research
tors and increases other threats and vulnerabilities. It           Services for Fiberlink Communications, 2008).
requires a new approach to security management, in-                Myth 2: Existing mobile security programs are good
cluding an assessment of security plans and policies and,          enough as is and don’t require investment or long-term
ultimately, the creation of a mobile security strategy.            planning.

Identifying Myths                                                  Many IT managers believe that their existing mobile
                                                                   policies are sufficient to mitigate risk. However, vulner-
Before development of a strategy for securing mobile
                                                                   abilities and threats constantly change, as do the ways
workers and data, some common myths about IT secu-
                                                                   predators exploit weaknesses in IT infrastructure.
rity practices should be clarified and dispelled.
                                                                   Mobile users and the technology used to accommodate
Myth 1: Having a core security program in the office
                                                                   them are growing and changing. For example, it took
environment means that IT assets and data are safe
                                                                   BlackBerry five years to get its first million users, just
everywhere.
                                                                   another 10 months to get its second million and six
Mobile security is not confined to the office or headquar-         months for the next million. Today the company has
ters location. Wherever a mobile worker goes, so goes              more than 28 million users. The steep increase in usage
a virtual office. The price and performance of laptops,            and the evolving need for new features and capabilities
coupled with wireless access availability, have created            have heightened the risks and vulnerabilities.

                                                             [2]
Qwest White Paper: Mobile Security




Complying with encryption regulations and controlling                 rity concerns are the leading objection to outsourcing.
threats requires vigilant monitoring processes, because               However, roughly half of these IT executives reported
blind spots exist when assets are deployed in remote                  that they are still likely to outsource some type of data,
places. Workers travel everywhere with their laptops,                 voice or network service over the next 18 months (IDG
smartphones and other equipment. They can work virtu-                 Research Services and Fortune on behalf of Qwest Com-
ally anywhere. An unnoticed vulnerability potentially                 munications, May 2009). In the research, cost savings
exposes proprietary data to unwanted parties.                         were the most frequently cited benefit of outsourcing,
                                                                      followed by access to expertise.
Myth 3: Do-it-yourself managed mobile security is a
better, less costly alternative to outsourcing.                       Building an in-house program requires staff and technol-
In recent research, CIOs declared that privacy and secu-              ogy, and ultimately, investment. And sometimes having




Five Steps to Reduce                                                  3. DEVEloP a SPEciFic Policy to PRotEct
                                                                         thE oRganization
Mobile Blind Spots
                                                                      r Develop a policy for damaged, lost or stolen mobile
Today’s mobile workers are everywhere. From their kitchen                devices, and protect sensitive information as necessary.
tables to airports to remote office locations to headquar-
                                                                      r Monitor deployment of encryption tools, and prevent
ters offices, they roam past geographic boundaries and
                                                                         employees from copying or distributing sensitive data.
operate on many different networks. A wide variety of
                                                                         Ensure your company’s ability to meet e-discovery
vulnerabilities can potentially threaten and damage an
                                                                         obligations.
organization’s IT systems and data. Here are five steps se-
curity managers can take to reduce these risks and ensure             r Make sure your policies enable you to monitor company
that mobile blind spots do not bring unwanted publicity                  data and meet all compliance and legal obligations from
and costs to the organization.                                           company-issued as well as personal mobile devices.
                                                                      r Track and document the status and condition of mobile
1. EnSuRE ViSiBility                                                     and remote systems software.

r Continually monitor the health and compliance of all
   laptops with tools for monitoring applications, flagging           4. tiE accESS to DiREctoRiES, iDEntitiES
   those that are out of company compliance and encrypt-                 anD RolES
   ing and locking down sensitive data deployed in                    r Allow access to the resources on the corporate net-
   a laptop or other device.                                             work based on the individual, that person’s role and
r Enforce policies and do remediation as needed.                         organizational policy.
                                                                      r Ensure that licensed content, digital rights and the
2. PRotEct SEnSitiVE Data on BuSinESS                                    distribution of content are protected.
   EnDPointS                                                          r Secure integrated communications for VoIP, e-mail and
r Monitor, protect and update mobile devices, including                  e-commerce transactions.
   those outside the corporate LAN, with tools that provide           r Enable the image that appears on the remote workstation
   secure access to the company network via an optional                  to be identical to that on the home office workstation.
   virtual private network (VPN) client, as well as authenti-
   cation and encryption.                                             5. EnFoRcE PRoDuctiVity
r Monitor and enforce rules about and remediate obso-                 r Notify employees that instant message conversations
   lete software. Provide adequate security protection for               are monitored and that logs are stored for possible
   device use from any location.                                         management review and e-discovery obligations.
r Disable noncompliant endpoints.                                     r Monitor, audit and collect usage statistics for manage-
r Set boundaries for information transfer.                               ment purposes.



                                                                [3]
Qwest White Paper: Mobile Security




an internal, dedicated staff equipped with the most-up-           Complying with regulations and identifying vulner-
to-date security technologies can turn out to be more             abilities are significant business benefits of using an
expensive than hiring a managed service provider. It’s            outsourced mobile security partner. A provider can also
important to perform a cost analysis of do-it-yourself            help prevent costly incidents that degrade the brand
versus outsourced managed security.                               identity of the organization and that have extended
                                                                  costs. For example, the Department of Veterans Af-
Myth 4: In-house staff is always up to date on the
                                                                  fairs incident led to an outcry from the general public
latest security threats and trained in the processes,
                                                                  and government leaders who questioned the security
solutions and equipment needed to combat them.
                                                                  governance of its mobile workers. This reflected on the
Managed security providers bring expertise in finding             integrity of the organization.
solutions to fit complex problems, solutions that may
                                                                  In addition, a security breach has costs that extend
not be available in-house. With cross-industry experi-
                                                                  beyond those directly related to the incident. A recent
ence, an outsourcing provider must stay abreast of
                                                                  study by the Ponemon Institute found that the loss of one
developing threats and investigate products and secu-
                                                                  laptop costs an average of $49,246. On top of the actual
rity solutions to address them. Their experience affords
                                                                  replacement of the notebook, larger expenses include
recommendations that save time and money.
                                                                  costs associated with investigating the incident, the loss
                                                                  of intellectual property and data and compliance with
The Compliance Conundrum                                          regulatory requirements related to the breach.
Understanding misconceptions is the first step toward             A managed security provider can help protect the or-
improving mobile security. However, the steady growth             ganization by establishing a mobile security strategy to
of industry compliance requirements makes the task of             prevent such incidents. For example, having a compre-
managing it even more daunting.                                   hensive inventory of mobile assets and the ability to re-
                                                                  motely disable them can prevent consequential damage
Some of these regulations, or parts of them, promote
                                                                  from theft and intrusion by predators.
data protection within particular industries. For ex-
ample, the Gramm-Leach-Bliley Act (GLBA) has privacy              A managed security partner also provides metrics for
stipulations to protect information in the financial              ongoing security maintenance and protection—such as
services industry. The Healthcare Insurance Portability           how mobile workers communicate, how often they are
and Accountability Act (HIPAA) sets standards for health          online, the Web sites they visit and when and how data
care coverage and transactions, including safe-harbor             is exchanged. This knowledge aids in decision-making
provisions if data is encrypted to specific standards.            and overall security strategy.
Payment Card Industry (PCI) standards govern data used
in payment card transactions. The U.S. Federal Trade              Conclusion
Commission (FTC) also has information protection rules
that apply. Not meeting compliance requirements can               Our universal mobile workforce is steadily growing. Like-
mean hefty fines and expensive consequences.                      wise, the need to manage the security of the devices
                                                                  and data used by these workers is also increasing. It’s
In addition, some states in the U.S.—including Massa-             important to understand the challenges and miscon-
chusetts and Nevada—will soon require encryption on               ceptions about security in terms of complacency, cost,
all mobile devices, including smartphones, if they con-           experience and do-it-yourself security management.
tain personal information. Further, companies must be
                                                                  In addition, a rise in compliance requirements has
able to retrieve data from mobile devices if the informa-
                                                                  caused IT managers with limited resources to seek out-
tion is pertinent to a discovery motion or lawsuit.
                                                                  side help to meet these requirements. Having a mobile
New compliance requirements necessitate safeguards                security program that incorporates a trusted managed
such as network monitoring, data tracking, firewall con-          security provider is a best business practice and an es-
figuration and access control programs—areas where                sential ingredient in protecting today’s enterprises.
outsourced security services are valuable.
                                                                  For more information, visit www.qwest.com/business.


                                                            [4]

Contenu connexe

Tendances

Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_finalChristopher Wang
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Erik Ginalick
 
2013 global security report
2013 global security report2013 global security report
2013 global security reportYury Chemerkin
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop
 
Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928Datafield
 
IT summit 2014-program
IT summit 2014-programIT summit 2014-program
IT summit 2014-programPaige Rasid
 
Dell's Intelligent Data Management Strategy by IDC
Dell's Intelligent Data Management Strategy by IDCDell's Intelligent Data Management Strategy by IDC
Dell's Intelligent Data Management Strategy by IDCarms8586
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromiseCMR WORLD TECH
 
Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepapergenasun
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 
Revolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryRevolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryWilliam Beer
 

Tendances (18)

Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protection
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
2013 global security report
2013 global security report2013 global security report
2013 global security report
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
 
Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928
 
IT summit 2014-program
IT summit 2014-programIT summit 2014-program
IT summit 2014-program
 
Dell's Intelligent Data Management Strategy by IDC
Dell's Intelligent Data Management Strategy by IDCDell's Intelligent Data Management Strategy by IDC
Dell's Intelligent Data Management Strategy by IDC
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint Security
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
 
Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepaper
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
The Cellular Business Model 2010
The Cellular Business Model 2010The Cellular Business Model 2010
The Cellular Business Model 2010
 
Revolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryRevolution Or Evolution Exec Summary
Revolution Or Evolution Exec Summary
 

En vedette

(179) citizenship council (august 2011)
(179) citizenship council (august 2011)(179) citizenship council (august 2011)
(179) citizenship council (august 2011)Citizen Network
 
Tri net eguide_hiring_2012
Tri net eguide_hiring_2012Tri net eguide_hiring_2012
Tri net eguide_hiring_2012ReadWrite
 
(181) mh & primary care (september 2011)
(181) mh & primary care (september 2011)(181) mh & primary care (september 2011)
(181) mh & primary care (september 2011)Citizen Network
 
SOKAK SANATI,STREET ART 3
SOKAK SANATI,STREET ART 3SOKAK SANATI,STREET ART 3
SOKAK SANATI,STREET ART 3***
 
Net access web page configurations
Net access web page configurationsNet access web page configurations
Net access web page configurationsAlex Tan
 

En vedette (7)

Marketing Research
Marketing ResearchMarketing Research
Marketing Research
 
(179) citizenship council (august 2011)
(179) citizenship council (august 2011)(179) citizenship council (august 2011)
(179) citizenship council (august 2011)
 
Tri net eguide_hiring_2012
Tri net eguide_hiring_2012Tri net eguide_hiring_2012
Tri net eguide_hiring_2012
 
(181) mh & primary care (september 2011)
(181) mh & primary care (september 2011)(181) mh & primary care (september 2011)
(181) mh & primary care (september 2011)
 
Eco Expo: Website Globalization Case Study
Eco Expo: Website Globalization Case StudyEco Expo: Website Globalization Case Study
Eco Expo: Website Globalization Case Study
 
SOKAK SANATI,STREET ART 3
SOKAK SANATI,STREET ART 3SOKAK SANATI,STREET ART 3
SOKAK SANATI,STREET ART 3
 
Net access web page configurations
Net access web page configurationsNet access web page configurations
Net access web page configurations
 

Similaire à The Essential Ingredient for Today's Enterprise

AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOJim Romeo
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOJim Romeo
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprisesTaranggg11
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersEric Wong
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 
B Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En UsB Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En UsVishal Shah
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Samir Kotarwar
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesIRJET Journal
 
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and AdaptabilityPat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptabilityitnewsafrica
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportKim Jensen
 
Todays Mobile Cybersecurity
Todays Mobile CybersecurityTodays Mobile Cybersecurity
Todays Mobile CybersecurityVivastream
 
Secure data access in a mobile universe
Secure data access in a mobile universeSecure data access in a mobile universe
Secure data access in a mobile universespencerharry
 

Similaire à The Essential Ingredient for Today's Enterprise (20)

AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
CIO Mobility Playbook
CIO Mobility PlaybookCIO Mobility Playbook
CIO Mobility Playbook
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile Workers
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Resilience in the Cyber Era
Resilience in the Cyber EraResilience in the Cyber Era
Resilience in the Cyber Era
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
 
B Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En UsB Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En Us
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and AdaptabilityPat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Todays Mobile Cybersecurity
Todays Mobile CybersecurityTodays Mobile Cybersecurity
Todays Mobile Cybersecurity
 
Secure data access in a mobile universe
Secure data access in a mobile universeSecure data access in a mobile universe
Secure data access in a mobile universe
 

Plus de ReadWrite

Networks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To DrinkNetworks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To DrinkReadWrite
 
IoT Standards: The Next Generation
IoT Standards: The Next GenerationIoT Standards: The Next Generation
IoT Standards: The Next GenerationReadWrite
 
Designing For Smarties
Designing For SmartiesDesigning For Smarties
Designing For SmartiesReadWrite
 
Dude, Where's My Product?
Dude, Where's My Product?Dude, Where's My Product?
Dude, Where's My Product?ReadWrite
 
Senator Al Franken's Letter To Uber CEO Travis Kalanick
Senator Al Franken's Letter To Uber CEO Travis KalanickSenator Al Franken's Letter To Uber CEO Travis Kalanick
Senator Al Franken's Letter To Uber CEO Travis KalanickReadWrite
 
Where In The World Is The Fastest Broadband?
Where In The World Is The Fastest Broadband?Where In The World Is The Fastest Broadband?
Where In The World Is The Fastest Broadband?ReadWrite
 
Our Bodies, Disconnected: The Future Of Fitness APIs
Our Bodies, Disconnected: The Future Of Fitness APIsOur Bodies, Disconnected: The Future Of Fitness APIs
Our Bodies, Disconnected: The Future Of Fitness APIsReadWrite
 
White paper why they chose integrated hr outsourcing- a look at three small ...
White paper  why they chose integrated hr outsourcing- a look at three small ...White paper  why they chose integrated hr outsourcing- a look at three small ...
White paper why they chose integrated hr outsourcing- a look at three small ...ReadWrite
 
White paper what is a peo-
White paper  what is a peo-White paper  what is a peo-
White paper what is a peo-ReadWrite
 
White paper options for handling your hr function[1]
White paper  options for handling your hr function[1]White paper  options for handling your hr function[1]
White paper options for handling your hr function[1]ReadWrite
 
Tri net wp_buildsuccess
Tri net wp_buildsuccessTri net wp_buildsuccess
Tri net wp_buildsuccessReadWrite
 
Tri net wp_10_principles_hc_plan
Tri net wp_10_principles_hc_planTri net wp_10_principles_hc_plan
Tri net wp_10_principles_hc_planReadWrite
 
White paper top 5 hr compliance concerns for small business
White paper  top 5 hr compliance concerns for small businessWhite paper  top 5 hr compliance concerns for small business
White paper top 5 hr compliance concerns for small businessReadWrite
 
Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...
Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...
Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...ReadWrite
 
The Real-Time Web and its Future
The Real-Time Web and its FutureThe Real-Time Web and its Future
The Real-Time Web and its FutureReadWrite
 
Guide to Online Community Management
Guide to Online Community ManagementGuide to Online Community Management
Guide to Online Community ManagementReadWrite
 
V mware white paper virtualizing business-critical applications with confidence
V mware white paper  virtualizing business-critical applications with confidenceV mware white paper  virtualizing business-critical applications with confidence
V mware white paper virtualizing business-critical applications with confidenceReadWrite
 
Security for v mware
Security for v mwareSecurity for v mware
Security for v mwareReadWrite
 
Wp 7108 - 50000 seat vmware view deployment
Wp 7108 - 50000 seat vmware view deploymentWp 7108 - 50000 seat vmware view deployment
Wp 7108 - 50000 seat vmware view deploymentReadWrite
 

Plus de ReadWrite (20)

Networks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To DrinkNetworks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To Drink
 
IoT Standards: The Next Generation
IoT Standards: The Next GenerationIoT Standards: The Next Generation
IoT Standards: The Next Generation
 
Designing For Smarties
Designing For SmartiesDesigning For Smarties
Designing For Smarties
 
Dude, Where's My Product?
Dude, Where's My Product?Dude, Where's My Product?
Dude, Where's My Product?
 
Senator Al Franken's Letter To Uber CEO Travis Kalanick
Senator Al Franken's Letter To Uber CEO Travis KalanickSenator Al Franken's Letter To Uber CEO Travis Kalanick
Senator Al Franken's Letter To Uber CEO Travis Kalanick
 
Where In The World Is The Fastest Broadband?
Where In The World Is The Fastest Broadband?Where In The World Is The Fastest Broadband?
Where In The World Is The Fastest Broadband?
 
Our Bodies, Disconnected: The Future Of Fitness APIs
Our Bodies, Disconnected: The Future Of Fitness APIsOur Bodies, Disconnected: The Future Of Fitness APIs
Our Bodies, Disconnected: The Future Of Fitness APIs
 
White paper why they chose integrated hr outsourcing- a look at three small ...
White paper  why they chose integrated hr outsourcing- a look at three small ...White paper  why they chose integrated hr outsourcing- a look at three small ...
White paper why they chose integrated hr outsourcing- a look at three small ...
 
White paper what is a peo-
White paper  what is a peo-White paper  what is a peo-
White paper what is a peo-
 
White paper options for handling your hr function[1]
White paper  options for handling your hr function[1]White paper  options for handling your hr function[1]
White paper options for handling your hr function[1]
 
Tri net wp_buildsuccess
Tri net wp_buildsuccessTri net wp_buildsuccess
Tri net wp_buildsuccess
 
Tri net wp_10_principles_hc_plan
Tri net wp_10_principles_hc_planTri net wp_10_principles_hc_plan
Tri net wp_10_principles_hc_plan
 
Peo study
Peo studyPeo study
Peo study
 
White paper top 5 hr compliance concerns for small business
White paper  top 5 hr compliance concerns for small businessWhite paper  top 5 hr compliance concerns for small business
White paper top 5 hr compliance concerns for small business
 
Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...
Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...
Augmented Reality for Marketers and Developers: Analysis of the Leaders, the ...
 
The Real-Time Web and its Future
The Real-Time Web and its FutureThe Real-Time Web and its Future
The Real-Time Web and its Future
 
Guide to Online Community Management
Guide to Online Community ManagementGuide to Online Community Management
Guide to Online Community Management
 
V mware white paper virtualizing business-critical applications with confidence
V mware white paper  virtualizing business-critical applications with confidenceV mware white paper  virtualizing business-critical applications with confidence
V mware white paper virtualizing business-critical applications with confidence
 
Security for v mware
Security for v mwareSecurity for v mware
Security for v mware
 
Wp 7108 - 50000 seat vmware view deployment
Wp 7108 - 50000 seat vmware view deploymentWp 7108 - 50000 seat vmware view deployment
Wp 7108 - 50000 seat vmware view deployment
 

Dernier

UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 

Dernier (20)

UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 

The Essential Ingredient for Today's Enterprise

  • 1. White Paper: Mobile Security Mobile Security: The Essential Ingredient for Today’s Enterprise In a well-publicized case, a data analyst em- ployed by the U.S. Department of Veterans Affairs (VA) took his laptop home to suburban Maryland. Burglars entered his home and stole the laptop. Suddenly, the personal information of some 26.5 million veterans was at risk. The incident became an international news story raising caution flags about managed security at the VA. Incidents like this one are not unusual today, and the risk is increas- ing as the mobile workforce grows. Gartner reports that 83.9 percent of businesses have a remote workforce, and by 2011 an estimated 46 million employees globally will telecommute at least one day per week and 112 million will work from home at least one day per month. Software and technology solutions help mitigate security risks and safeguard organizations from threats, but they require IT staff to select, deploy and maintain them. The problem is, today’s IT environments are lean. This paper examines the current mobile security landscape, including myths surrounding the risks and threats, and how organiza- tions can establish a solid mobile security strategy.
  • 2. Qwest White Paper: Mobile Security The Mobile Landscape a work-from-anywhere preference. However, working outside the office guarded by firewalls and intrusion The mobile workforce is increasing. More than 17 mil- measures can increase risks for businesses. Dispersed lion Americans got their work done via telecommuting employees have lower visibility than those in the office. in 2008, a 74 percent increase over the previous three It requires resources, time and technology to remotely years, according to WorldatWork Telework Trendlines. monitor and control which sites users visit, the informa- How is this changing our workforce? Mobile work tion they exchange and the online connections they use. encourages cross-pollination of different cultures with “Given our business as an international communications fresh ideas and innovative practices for collaborative solution provider, our challenges are often compounded teams. In a telecommuting survey sponsored by Robert by the need to support customers and business func- Half International, 53 percent of respondents said the tions in a variety of locations,” says Michael Glenn, ability to work at home is important to their employment director of Information Security and chief information choice. In the most recent annual telework survey by security official (CISO) at Qwest Communications Inter- CDW Corp., 40 percent of the respondents agreed that national Inc., a managed security provider. “the option to telecommute would influence their deci- sion to remain with their employer or take a new job.” Employees now connect and work via wireless networks and Wi-Fi hotspots and expect to access data 24x7 from On the one hand, teleworkers help alleviate the daily mi- their personal smartphones. Unencrypted wireless ac- nutiae of managing in-house employees, giving manage- cess points often do not offer the security levels neces- ment more time to strategically develop initiatives. But sary to protect corporate data. Unencrypted public wire- on the other hand, a dispersed team of mobile workers less access makes it possible for an outsider to detect a creates more work and new concerns for IT managers. user, enter a wireless network and potentially steal data. For example, in a recent survey of CIOs, 45 percent said The same scenario is not true with encryption, where they were not confident that their company’s policies data is modified to prevent access. and security measures prevent mobile employees from sending confidential information to unauthorized third Unencrypted hotspots are causing concern about the in- parties—such as sending company information from a tegrity and safety of wireless access; 47 percent of CIOs laptop to a home PC (IDG Research Services on behalf of and IT leaders say they are not very or not at all confident Fiberlink Communications, 2008). that their company’s policies and security measures pre- Ensuring security is a formidable challenge for IT manag- vent mobile employees from accessing the Internet via ers. Mobility creates opportunity for hackers and preda- unencrypted public wireless access points (IDG Research tors and increases other threats and vulnerabilities. It Services for Fiberlink Communications, 2008). requires a new approach to security management, in- Myth 2: Existing mobile security programs are good cluding an assessment of security plans and policies and, enough as is and don’t require investment or long-term ultimately, the creation of a mobile security strategy. planning. Identifying Myths Many IT managers believe that their existing mobile policies are sufficient to mitigate risk. However, vulner- Before development of a strategy for securing mobile abilities and threats constantly change, as do the ways workers and data, some common myths about IT secu- predators exploit weaknesses in IT infrastructure. rity practices should be clarified and dispelled. Mobile users and the technology used to accommodate Myth 1: Having a core security program in the office them are growing and changing. For example, it took environment means that IT assets and data are safe BlackBerry five years to get its first million users, just everywhere. another 10 months to get its second million and six Mobile security is not confined to the office or headquar- months for the next million. Today the company has ters location. Wherever a mobile worker goes, so goes more than 28 million users. The steep increase in usage a virtual office. The price and performance of laptops, and the evolving need for new features and capabilities coupled with wireless access availability, have created have heightened the risks and vulnerabilities. [2]
  • 3. Qwest White Paper: Mobile Security Complying with encryption regulations and controlling rity concerns are the leading objection to outsourcing. threats requires vigilant monitoring processes, because However, roughly half of these IT executives reported blind spots exist when assets are deployed in remote that they are still likely to outsource some type of data, places. Workers travel everywhere with their laptops, voice or network service over the next 18 months (IDG smartphones and other equipment. They can work virtu- Research Services and Fortune on behalf of Qwest Com- ally anywhere. An unnoticed vulnerability potentially munications, May 2009). In the research, cost savings exposes proprietary data to unwanted parties. were the most frequently cited benefit of outsourcing, followed by access to expertise. Myth 3: Do-it-yourself managed mobile security is a better, less costly alternative to outsourcing. Building an in-house program requires staff and technol- In recent research, CIOs declared that privacy and secu- ogy, and ultimately, investment. And sometimes having Five Steps to Reduce 3. DEVEloP a SPEciFic Policy to PRotEct thE oRganization Mobile Blind Spots r Develop a policy for damaged, lost or stolen mobile Today’s mobile workers are everywhere. From their kitchen devices, and protect sensitive information as necessary. tables to airports to remote office locations to headquar- r Monitor deployment of encryption tools, and prevent ters offices, they roam past geographic boundaries and employees from copying or distributing sensitive data. operate on many different networks. A wide variety of Ensure your company’s ability to meet e-discovery vulnerabilities can potentially threaten and damage an obligations. organization’s IT systems and data. Here are five steps se- curity managers can take to reduce these risks and ensure r Make sure your policies enable you to monitor company that mobile blind spots do not bring unwanted publicity data and meet all compliance and legal obligations from and costs to the organization. company-issued as well as personal mobile devices. r Track and document the status and condition of mobile 1. EnSuRE ViSiBility and remote systems software. r Continually monitor the health and compliance of all laptops with tools for monitoring applications, flagging 4. tiE accESS to DiREctoRiES, iDEntitiES those that are out of company compliance and encrypt- anD RolES ing and locking down sensitive data deployed in r Allow access to the resources on the corporate net- a laptop or other device. work based on the individual, that person’s role and r Enforce policies and do remediation as needed. organizational policy. r Ensure that licensed content, digital rights and the 2. PRotEct SEnSitiVE Data on BuSinESS distribution of content are protected. EnDPointS r Secure integrated communications for VoIP, e-mail and r Monitor, protect and update mobile devices, including e-commerce transactions. those outside the corporate LAN, with tools that provide r Enable the image that appears on the remote workstation secure access to the company network via an optional to be identical to that on the home office workstation. virtual private network (VPN) client, as well as authenti- cation and encryption. 5. EnFoRcE PRoDuctiVity r Monitor and enforce rules about and remediate obso- r Notify employees that instant message conversations lete software. Provide adequate security protection for are monitored and that logs are stored for possible device use from any location. management review and e-discovery obligations. r Disable noncompliant endpoints. r Monitor, audit and collect usage statistics for manage- r Set boundaries for information transfer. ment purposes. [3]
  • 4. Qwest White Paper: Mobile Security an internal, dedicated staff equipped with the most-up- Complying with regulations and identifying vulner- to-date security technologies can turn out to be more abilities are significant business benefits of using an expensive than hiring a managed service provider. It’s outsourced mobile security partner. A provider can also important to perform a cost analysis of do-it-yourself help prevent costly incidents that degrade the brand versus outsourced managed security. identity of the organization and that have extended costs. For example, the Department of Veterans Af- Myth 4: In-house staff is always up to date on the fairs incident led to an outcry from the general public latest security threats and trained in the processes, and government leaders who questioned the security solutions and equipment needed to combat them. governance of its mobile workers. This reflected on the Managed security providers bring expertise in finding integrity of the organization. solutions to fit complex problems, solutions that may In addition, a security breach has costs that extend not be available in-house. With cross-industry experi- beyond those directly related to the incident. A recent ence, an outsourcing provider must stay abreast of study by the Ponemon Institute found that the loss of one developing threats and investigate products and secu- laptop costs an average of $49,246. On top of the actual rity solutions to address them. Their experience affords replacement of the notebook, larger expenses include recommendations that save time and money. costs associated with investigating the incident, the loss of intellectual property and data and compliance with The Compliance Conundrum regulatory requirements related to the breach. Understanding misconceptions is the first step toward A managed security provider can help protect the or- improving mobile security. However, the steady growth ganization by establishing a mobile security strategy to of industry compliance requirements makes the task of prevent such incidents. For example, having a compre- managing it even more daunting. hensive inventory of mobile assets and the ability to re- motely disable them can prevent consequential damage Some of these regulations, or parts of them, promote from theft and intrusion by predators. data protection within particular industries. For ex- ample, the Gramm-Leach-Bliley Act (GLBA) has privacy A managed security partner also provides metrics for stipulations to protect information in the financial ongoing security maintenance and protection—such as services industry. The Healthcare Insurance Portability how mobile workers communicate, how often they are and Accountability Act (HIPAA) sets standards for health online, the Web sites they visit and when and how data care coverage and transactions, including safe-harbor is exchanged. This knowledge aids in decision-making provisions if data is encrypted to specific standards. and overall security strategy. Payment Card Industry (PCI) standards govern data used in payment card transactions. The U.S. Federal Trade Conclusion Commission (FTC) also has information protection rules that apply. Not meeting compliance requirements can Our universal mobile workforce is steadily growing. Like- mean hefty fines and expensive consequences. wise, the need to manage the security of the devices and data used by these workers is also increasing. It’s In addition, some states in the U.S.—including Massa- important to understand the challenges and miscon- chusetts and Nevada—will soon require encryption on ceptions about security in terms of complacency, cost, all mobile devices, including smartphones, if they con- experience and do-it-yourself security management. tain personal information. Further, companies must be In addition, a rise in compliance requirements has able to retrieve data from mobile devices if the informa- caused IT managers with limited resources to seek out- tion is pertinent to a discovery motion or lawsuit. side help to meet these requirements. Having a mobile New compliance requirements necessitate safeguards security program that incorporates a trusted managed such as network monitoring, data tracking, firewall con- security provider is a best business practice and an es- figuration and access control programs—areas where sential ingredient in protecting today’s enterprises. outsourced security services are valuable. For more information, visit www.qwest.com/business. [4]