By Surendra Singh, Regional Director, India & SAARC, Websense Inc
Websense is a San Diego-based company specializing in Web security gateway software that allows organizations to safely use the web and email while protecting sensitive data. The company has a market cap of $906 million.
The bring-your-own-device (BYOD) phenomenon is rapidly circumventing enterprise security and policies. Security attacks and data loss resulting from employee use of insecure mobile devices, including laptops, smartphones, USB devices, and tablets, can inflict huge losses on organizations. In turn, companies need to address these issues to securely take advantage of the productivity benefits of mobility.
There have been many recent attacks on enterprises: Facebook, Twitter, Evernote and many others have reported security breaches, and yet many companies are very casual about their security measures. There is no denying that the social web is the new web, with nearly every enterprise using it in one way or another. But along with its enormous popularity come enterprise-size risks, and the industry is experiencing a deluge of attacks, each one more strategic than the last. The masterminds, in many cases, are criminal organizations motivated by data and money, rather than fame and mischief as in previous years. This was proven by an advanced persistent threat, known as Aurora, which leveraged Google and a previously unknown Internet Explorer vulnerability to pilfer data. The attack was specifically designed to evade traditional antivirus and Web reputation defenses to gain access to enterprise assets and sensitive information.
Unfortunately, most enterprises are not yet prepared to handle threats like these because they lack the proper controls to effectively enforce acceptable use policy, prevent new forms of malware, and protect sensitive data. So, in the race to maximize its potential, enterprises must take due care to protect the business completely against advanced threats and targeted attacks, enable secure use of the social web, and provide data loss prevention (DLP) with inbound and outbound protection.
Mitigating the threat to the security of Intellectual Property
When an employee uses a mobile device, the corporate data that resides on or passes through that device is at great risk of loss. Lost and compromised devices put businesses at greater risk. Intellectual Property such as exclusive product designs, merger and acquisition plans, and financial data needs to be handled with utmost care. Loss of this confidential data can harm a company's reputation, damage its brand, or make it lose its competitive edge. Loss of sensitive customer data can greatly reduce customer confidence and bring monetary loss in the form of hefty regulatory fines. Mitigating this risk requires a combination of education, security tools and best practices. Education should begin by helping users understand that the threat is real and present, as no platform is truly safe. Unfortunately, many users perceive mobile threats as 'hype' and do not respect the potential damage their device can inflict on the organization. In addition, recent surveys have revealed that 30 to 50 percent of users do not password protect their devices.
Failure of Mobile Device Management
When data goes mobile, the security risks go up. Enterprises need to protect data immediately, and they need to establish and enforce security practices and policies. Mobile device management (MDM) alone cannot protect against these threats; security tools must extend beyond MDM and address both threats and data loss protection.
An ideal mobile security solution must also provide DLP and protection against phishing, malware and malicious apps. Today, mobile security solutions need to control mobile device security, risk, and compliance on mobile wireless networks and public Wi-Fi networks by integrating web, email, data, and mobile security. Simply put, IT needs a solution that addresses data security and not just the device.
This problem can be addressed by enabling users to confidentially allow the business while helping prevent data loss and IP theft, increasing productivity, reducing network exposure to vulnerabilities, and remaining compliant.
Primarily, there are three steps that enterprises should take into consideration for securing their business in the era of BYOD. Firstly, create and publish a corporate mobile policy (utilize an Acceptable Use Policy (AUP) kit to get started). Secondly, deploy an MDM solution; this is a good first step to be able to manage the various devices on the corporate infrastructure. Lastly, protect your mobile workforce from advanced threats with a complete security solution, which protects users and the corporate network from malicious links, web attacks, exploits and more.
The Future of Enterprise Mobility
Mobility and the cloud are creating a borderless enterprise where users connect and interact with web-based applications without being on the corporate network. The BYOD phenomenon is rapidly circumventing enterprise security and policies.
The network itself is changing by becoming programmable and dynamically adapting to virtualized datacenters and elastic workloads. This shift necessitates security that is flexible, dynamic, and part of the network fabric - no matter where users and data reside. The surge of mobile devices in the workplace, with their easy access to cloud-based apps and social media sites, increases the risk of data loss or data theft. Today's mobile platforms put unprecedented power and information into the hands of end users. That opens a huge door for data theft and loss. As mobile devices become more pervasive and more employees bring their own smartphones and tablets to work, IT is being challenged like never before.