Mobile & Cloud – The Top Security Concerns of 2016
The mobile has taken center stage in all aspects of life, but its influence is perhaps most noticeable in the corporate sector where the influx of mobile technologies has brought a sea change in the way enterprises operate. The proliferation of mobile has naturally led to concerns regarding security.
Today, 2 out of 3 employees use their mobiles for work-related activities. More and more companies are adopting BYOD’s at their workplace. Mobiles have become a mine of sensitive corporate information and a probable entry point in the IT. In the event of a mobile getting lost or stolen, there is a high chance of sensitive data falling into the wrong hands. For example, according to OCR, there were 253 breaches affecting more than 500 individuals, and running into a combined loss of over 112 million records in healthcare sector. And in Japan, at least 2.07 million sets of personal data were stolen or feared leaked from 140 organizations in 2015, according to a Kyodo News survey. In automobile sector, Mercedes has filed a lawsuit against Benjamin Hoyle (the company’s former employee) for stealing confidential information before leaving to join a rival company. These are perilous security incidents that corporates and companies cannot overlook.
Today, with the tools and content available online, even an average hacker can easily unlock passwords or decrypt confidential, seemingly secured data. Moreover, mobile-operating platform like Android is becoming fertile ground for hackers to launch malicious attack.
Businesses are under threat due to the presence of dedicated hackers who steal corporate data and share it with competitors. Insider threats are also quite increasing with each year; malicious insiders can leak and share important data with others and nullify your data loss prevention system.
There are three 3 specific security concerns as far as enterprise mobility is concerned:
- Loss of company or client data
- Unauthorized access to company information and system
- Malware and hacker attacks
Mobile being a personal device, most of its security challenges can be addressed at individual levels. The onus is on the employees to follow safe and secure password management, conduct cautious installation or upgradation (Gartner says 75% of mobile security breaches will be the result of Mobile Application Misconfiguration, as malware needs to act on devices that have been altered at administrative level), access public Wi-Fi network discreetly and in case of lost or stolen mobile, always have a solution ready to erase all corporate data. As a company, you should play an active role in educating and building mobile-security awareness among the employees.
At technology level, companies can adopt the following steps to prevent mobile breaches:
- Data encryption of all the sensitive information
- Regular security checks and risk assessment for mobile devices
- Access all information through user ID and password
- Grant VPN (Virtual Private Network) and NAC (Network Access Control) on strict security policies
The Cloud security challenges:
Cloud adoption has been increasing because of the obvious benefits like scalability, reduced costs and flexibility. With cloud, you have the luxury to skip tedious process of software development and instantly use web-based services for business. Since the IT assets are not owned physically, the control over data in the cloud gets diluted.
In a shared environment, there is a constant threat of security breach and you become dependent on the reliability and trustworthiness of your cloud vendor. For instance, how your vendor will isolate and secure your data in a shared environment that serves multiple customers, remains a concern for enterprises. Multi-tenancy is a big security challenge in a cloud environment.
Here are the 5 key questions to ask your cloud vendor:
- How do you maintain data integrity for critical mission processes and ensure only authorized transactions?
- How do you encrypt your data using SSL (Secure Sockets Layer Protocol) for safe storage?
- How is compliance addressed? (Since Cloud doesn’t cover most of the computing compliance standard)
- Does it offer smooth transition from one vendor to another and ensure security when you upgrade a cloud application?
- Does it support scalability?
Cloud and mobility go hand in hand, and in the coming days the technologies will get more and more integrated.
Mobile users are accessing enterprise data in the cloud without logging into the corporate network. Increased access through Internet will make it difficult for you to deploy security controls to monitor the activities between mobile users and cloud-based services. There is a need to create administrative access embedded in the systems and applications before deploying into the cloud for stringent monitoring.
Securing your corporate data:
Security needs to be at the forefront of an enterprise agenda. Employers must be made aware that breaches can occur anywhere at anytime and on any device. The risk is even more considering the proliferation of devices and cloud services deployment in the recent times. Hence, they must approach security as a shared and collective responsibility.
Enterprise can follow 3 measures to ensure security:
- Before deploying corporate information on cloud: A thorough risk & vulnerability assessment of people and processes and systems must be conducted, scoped and reviewed with the assistance of security experts.
- Before designing & deploying BYOD platforms: Central management system should have clear-cut policies and procedures with dedicated security administrator in place. Adequate training must be conducted for employees and other users on mobile-related security aspects.
- Before deploying enterprise mobility & cloud services: Consult relevant experts to ensure that all legal and standard compliance terms are critically examined and met.
For expert advice/consultation on regarding cloud security/migration and Enterprise mobility, contact us firstname.lastname@example.org
October 8, 2018
September 27, 2018