Speaking of security vendors, to read their marketing materials, dodging the pitfalls of deploying mobile devices calls for some hefty investments--so you'll need to determine how many threats are really applicable to your enterprise.
So, follow the risk. The first task is preventing data loss, and just how much information each device contains may surprise you. Smartphones, despite their support for cellular connections, often cache corporate data so it will be accessible even if the user is out of coverage or needs to operate the device with the radio off, as on an airplane. Generally, e-mail will be stored, and Web browsers may save local copies of business Web sites. Corporate applications run the gamut, from acting solely as a presentation layer to access database systems to caching forms, or even entire sections of a database, depending on how the app is engineered.
The first line of defense is encryption, either of folders or the full device, including removable storage such as SD cards. There are trade-offs here: Encrypting all device storage ensures that you won't miss any data, but it can negatively impact performance. Encrypting select folders leaves performance intact but requires continual asset classification to make sure the correct data is being encrypted. Because device speed is increasing and given that users may inadvertently store sensitive data in unencrypted folders, full disk encryption is best.
Much has been made about the need for virus protection on mobile devices. All the major players--including Kaspersky Lab, McAfee, Symantec, and Trend Micro--have some sort of mobile virus protection in their portfolios. Thus far, however, most of the viruses and malware in the wild have been proof of concepts aimed at the Symbian platform, with a handful of Windows Mobile exploits. But Apple's iPhone may be a harbinger of what's to come. Many of the efforts to "unlock" the iPhone to install third-party apps or allow the device to run on other carriers have come through classic exploits like buffer overflow attacks. While Apple has thus far been diligent at patching, there've been some demonstrable exploits to show how the same methods used to unlock the iPhone can be used to subvert the device.
"The thing that concerns me is how easy it is to release malware to a mobile device. Something as simple as taking a BlackBerry and downloading a ring tone to it may be a potential vector," says David Brown of Forsythe Solutions Group, a technology consultant. The key word is "potential." So far there hasn't been an exploit like Brown describes, nor has there been anything close to the impact of the Blaster or Code Red worms released on a mobile platform. In some ways, mobile devices have enjoyed security through obscurity; a fragmented OS landscape helps, too. However, as smartphones become more connected to enterprise networks and desktops become increasingly secure, attackers will focus their sights on mobile devices as the path of least resistance to data. You may not need mobile virus protection yet, but it's worth evaluating for a deployment in the next 12 to 18 months, particularly if you find smartphones rising in profile within your company.
HOLISTIC APPROACH
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
