The challenges of securing mobile devices
Mobile devices now account for around half of web traffic, and inevitably that makes them more attractive to hackers, who see new attack routes via mobile apps.
The Information Security Forum is launching a new paper, Securing Mobile Apps: Embracing Mobile, Balancing Control, describing the security challenges associated with acquiring, using and operating mobile apps, and suggesting actions to manage those challenges, while maintaining the business benefits.
"Mobile devices are always on, continuously network connected, and have an affinity for being lost or stolen -- yet typically lack the security protection afforded to IT systems. Consequently, app security is tightly interlinked with mobile devices and the environment in which they operate," says Steve Durbin, managing director of the ISF. "Locking down the mobile app environment may tempt individuals to side-step security controls to run their favorite, yet unapproved and insecure apps on unmanaged personal devices. However, both locking down the mobile environment or leaving it wide open can bring the same result: unapproved apps used for business. Securing Mobile Apps: Embracing Mobile, Balancing Control helps organizations find the right balance."
The ISF believes there are three key lessons for organizations:
- Knowledge is paramount. Managing apps and their risk requires knowing which apps are processing what data, by whom, from where and for what purpose.
- Prohibition is seldom an option; pragmatism is key. Vendors' app stores provide some security assurance about the apps they contain but cannot determine whether an app is suitable for a particular business use. Whether an app is used or not should be based upon risk, user satisfaction and the extent to which it meets business needs.
- Service is essential. Securing the use of apps in an organization is not just about secure development; the level of IT and security operational support provided should be similar to that for other types of business applications.
"Mobile apps have affected the lives of many people. They have not only lowered the barrier to using powerful distributed computing services, they have smashed through it," adds Durbin. "The challenge is to service the business need for apps in a secure manner whilst providing individuals with a similar level of freedom, functionality and ease of use they are accustomed to in their personal life. Fail to get the balance right and unauthorized, high-risk apps will be used nevertheless to handle your sensitive information and support critical business processes."
The paper is available to ISF members via the organization's website.