Mobile Security — Multiple level starting points.
The augmented usage of mobile devices has meant that mobile security risks and threats are experiencing a staggering increase. Businesses have recognised this, which means sensitive company information is under threat. Mobile interactions have become an extension of who we are and its more and more customary in our daily lives to access social media, banking and using your favourite coffee location finder to name a few. Curse the day when your secular device ends up in the wrong hands and your private life and all its secrets is accessed but the real trouble starts when the breach is broadened to your business profile. Security risks for mobility devices are similar to the threats that are being considered for corporate networks and internet hacks.
Mobile security is top of the enterprise mobility hierarchy which means that access management and identity management are the starting points to close the hatches for any unwelcomed threats.
These are my recommended ways to secure these devices together with your MDM solution.
- Single Sign On Solutions
Single Sign-On (SSO) provides the ability to log into an app using a single or federated identity like Microsoft AD. Without SSO, users need to remember complex passwords for each app, or worse, they easily remembered weak passwords. This results in a frustratingly tedious workflow having to sign in separately to dozens of different apps during the workday. A suitable solution should enable end-user satisfaction and streamline workflows by providing a single identity to access all business apps. It should also unify and deliver access to apps from all end-user platforms — desktops, laptops and mobile devices.
- Software upgrades
Businesses should follow basic security practices such as accepting the latest OS upgrades and security patches. The main reason anyone has for downloading and installing the latest update is to stay protected from security threats. Older software will continue to have the same bugs and vulnerabilities in the code that allow cyber criminals to get up to no good. This is made even more serious by the fact that all of these exploitable entry points have generally been made public after the release of updates.
- Network Access Control (NAC) management for mobile devices
NAC’s essential function is to pass user and device credentials to a policy control point, where permission to connect to the network is approved or denied and sent to the network switch, which then takes the desired action, such as allowing or denying device access or sending devices to a controlled guest network. With modern NAC systems, organizations can identify and apply security policy to all types of users and network devices attempting to access network resources.
- MDM working with NAC
NAC can integrate with mobile device management (MDM) tools to secure corporate and personal mobile devices. This integration allows for a more uniform view of all users, devices and applications on a corporate network. It also allows organizations to apply a level of security appropriate for the type of user and degree of risk which you are comfortable with. By employing NAC with MDM, organizations can achieve better security and operational efficiency, because the technologies complement each other. NAC protects the network while MDM protects and secures the devices themselves.
- Multifactor authentication
Multi-factor authentication provides a constructive element of layered security by requiring users to prove their identities using two or more verification methods before they can be authenticated. The use of multifactor authentication goes a long way toward protecting mobile credentials. It also gets around some of the problems associated with passwords, such as the use of easy-to-guess passwords or excessive use of the same password.
Putting security first is a sure way to protect your business. Security vulnerabilities change all the time and the cyber criminals are doing more to access your sensitive company information. So revisit your security strategy regularly, there is no doubt that multiple layers are recommended but don’t take the user experience way.
The article is published on medium.com by Peter Hewer, Enterprise Mobility Expert & Management Consultant, and is republished with the author’s permission.