By Stephan Tallent
IT departments have become accustomed to dealing with internal demands for new technology that compromise network security. Beginning with the introduction of the Internet, followed by the Web, IT has had to adapt to a changing environment and utilize network security technologies, such as VPNs, firewalls and intrusion prevention systems (IPS) to safely meet demands for information access. The influx of smartphones and tablets simply continue this trend.
Mobile Security Challenges
While businesses should look to the past for insight into how to deal with emerging security issues, they also need to deal with some of the unique challenges of smartphones and tablets.
- Loss of Control. Many employees have found that mobile devices often do not deliver the same strict policy enforcement capabilities as desktop devices. This policy gap enables these employees to use their mobile devices to access applications and content, such as video streaming, that is denied by standard corporate policy. With mobile devices offering an easy way to bypass the limits normally imposed on them, users are putting a strain on the corporate network and exposing it to additional risk of compromise.
- Increased Potential for Data Loss. With devices operating outside the confines of the traditional brick-and-mortar building, the potential for data loss increases significantly. The threats to mobile users include the risk of malware infection, inadvertent or malicious sharing of critical business data or the devices being lost or stolen. Additionally, rogue wireless networks exist in the public with the sole purpose of stealing unprotected data.
- Inconsistent Security Policies Across Devices. Another challenge for organizations looking to secure mobile devices is the inconsistency of policies across different devices. For every device manufacturer and version of the mobile operating system, there are likely to be differences in what policies can be applied.
Device Security vs. Network Security
While antivirus and VPN clients running on desktops, laptops and mobile devices have a place in any security arsenal, they should not be the foundation for an IT security strategy.
Protection should begin with a network security solution that incorporates the variety of technologies necessary for a multilayered approach, such as firewall, VPN, intrusion prevention and application control. Unified Threat Management (UTM) and next-generation firewalls consolidate multiple functions into a single device and allow IT administrators to easily monitor the flow of data and behavior of the device and the user while they are connected to the network.