/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsPhilippe Inserra, Asia VP, Identity and Access, Asia, Security Business Unit, Gemalto
The 'Bring Your Own Device' (BYOD) trend is here to stay and Gartner predicts that it will be the top technology trend in 2013. According to a 2013 Vanson Bourne research commissioned by Dell, 70 per cent of companies believe BYOD can improve their work processes and help them work better in the future, while an estimated 59 per cent believe that they would be at a competitive disadvantage without BYOD.
It is drastically changing the way IT departments plan, manage and secure devices and data. While BYOD enables mobility and ease of access which increases productivity, it poses a significant security risk for enterprises. In fact, according to research by British Telecom 73 per cent of IT decision makers in India have admitted to a security breach due to an unauthorized device.
Mobile Security Risks
Mobile malware has grown in the past years, increasing by 155 per cent across all platforms, according to Juniper Research. An increasing number of hackers are targeting mobile devices and user behaviour on mobile operating systems and platforms. Mobile malware uses familiar tactics - Trojans, phishing, spoofing, and man-in-the-middle - for identity theft and unauthorized access to confidential data.
In addition to this, an increasing number of mobile enterprises are now moving to the cloud. Employees need to connect securely over the internet to cloud-based resources, thus making identity management and authentication more complex and challenging.
Lastly, there is always a chance that the users may lose their mobile devices. These devices may contain confidential company information or be used by hackers to gain access to an organization's IT systems.
Measures to strengthen BYOD security
There are a number of ways to mitigate these risks that can provide comprehensive layered mobile security when combined.
The first is mobile device management solutions which can help ensure devices are kept up-to-date with the latest patches, and the ability to remotely wipe data from lost phones and manage apps.
Mobile anti-virus software is another best-practice, but hackers are constantly creating new viruses that avoid detection until they are discovered, leaving mobile devices vulnerable to these 'zero-day' attacks.
However, these two methods alone do not address the issues of access and data protection. IT departments can use a variety of advanced identity and access management systems to provide additional security layers. These measures help ensure that only those authorized employees are able to access certain information as well as enable restricted access to confidential information.
Â
Moreover, identity and access management solutions reduce hacker threats and implement clear protocols for access, thus providing cleaner access to cloud based services as well as enterprise resources on the go.
IT departments can also provide the staff with a personal security device that is independent of the mobile phone such as one-time password (OTP) tokens and smart card ID credentials with digital certificates.
OTP solutions allow for secure remote access from a mobile endpoint and work from an internet browser. Securing network access with an OTP increases the security of the login process by ensuring that the person accessing the network possesses two factors of identity verification - a dynamic password and the OTP device that generates a unique password for each login.
Digital identity certificates on smart card-based identity credentials further raise the mobile security bar and enable many other applications such as digital signature and e-mail and file encryption. The smart card uses its own processor and software which is independent of the PC to authenticate the user. Since this authentication is isolated from the mobile device, users are protected from any threats on the end user device, the network or the internet.
The Future of Mobile Security
An increasing number of data breaches exposing user credentials have raised the need for stronger authentication solutions. Secure elements like SIM/ UICC cards, MicroSD cards or embedded secure elements in next generation mobile devices are the key security feature.
These generate and store information cryptographically and perform the associated algorithms needed for strong authentication. It can sign documents and emails digitally and encrypt data on mobile devices, providing protection against data loss and a high level of security. Additionally, there is also potential to use near field communications (NFC) to enable secure logical and physical access in future.
Conclusion
It is imperative for a CIO to effectively address these mobile device security challenges within an organization, especially with an increasing use of personal computing devices for business applications. This constantly changing enterprise networks landscape has led to further complications for organizations seeking a unified approach to mobile device management.
As cybercrimes become increasingly sophisticated, IT teams face the challenge of securing and enabling access to enterprise infrastructures via a wide range of devices. These solutions can ensure a secure environment for data protection and access and further the trend of BYOD for enterprises in India.