This post is sponsored.
Years ago I worked on consulting projects at Deloitte that focused on building business process security into enterprise systems. Today, business takes place across mobile devices, making security solutions even more complicated. Companies of all sizes are using mobile devices and need to plan and implement mobile security. Gartner Says More than 75 Percent of Mobile Applications will Fail Basic Security Tests Through 2015. Listed below are key steps to build a security infrastructure.
Steps to building a security infrastructure:
- Analyze Your Technology Infrastructure
The first step for any business is to assess their technology architecture including what technology they use and where important data is stored. For example, what business systems do you use across mobile devices and up to the cloud? Include applications such as CRM, backup storage, cloud storage and online platforms that store your information. . Here are a few online resources from Samsung to help with this assessment:
—GigaOm’s Jon Collins spoke with Samsung’s Vice President and CIO on the important aspects of mobile security and what businesses should now about the topic going forward.
— If your business has a bring your own device (BYOD) option, then that is an extra level of security that needs to take place because access to business data will not be centralized on business devices.
- Determine The Types of Mobile Security Threats:
Then the next step is to understand possible threats where a security infrastructure will be important. For example, recent news stories highlighted that even your laptop webcam can be a security threat so it is important to cover it up (like Mark Zuckerberg now does!). The top three mobile security threats, according to TechTarget are malware, data leakage via cloud based applications and user error.
Malware ranges from computer viruses to spyware to executable code that is embedded in a user’s files. There are “500 million samples of mobile malware that have been detected, and the growth rate for new malware detections is running at 72 percent per quarter, according to a recent report”.
Employees’ use of cloud-based storage and file sharing applications to store confidential business data can lead to confidential data being “leaked” to non-secured environments. This creates the challenge of data being stored outside of secure internal business systems. To protect from this, businesses can create policies that prohibit storage of confidential data outside approved business systems. But that type of strategy can be challenging in small to medium-sized businesses because of the lower cost and convenience of cloud storage. In response, some cloud storage applications have business level packages that include a more secure environment.
The last key area of security threats is user error. One common example is mobile devices that either have no passcode or one that is easy to guess. Another example is when mobile devices are lost or are used with no- secured WiFi. When visiting conferences or hotels, using their public WiFi can leave unsecured devices open to dangers such as “main-in-the-middle attacks, malware or Wi-Fi sniffing”. VPN (Virtual Private Networks) are also an alternative because it allows users to send data across a public network as if it was a private network.
- Develop A Security Plan:
After understanding the security threats, the next step is to develop a security plan that covers the technology architecture including mobile devices. That plan will depend heavily on the types of devices, applications and operating systems in use. Possible controls to put in the security plan include using a secure mobile platform such as Samsung Knox, Containerization to keep corporate data separated from personal data and enterprise mobility management (EMM) controls that are able to identify compromised devices and can enforce the use of a standard operating system, as well as upgrades and patches. After implementing a security plan, it is important to train your employees in a way that enables them to understand how the plan works and how important security is to the business. Then it is important to set up security audits to make sure test the security and see if any adjustments need to be made.
Disclosure: This post is sponsored by Samsung Business. All thoughts and opinions are my own. For more information, check out Samsung Security Business Services and Samsung MyKnox .