Monday, September 10, 2012

Enterprise Security and Mobility


Security is the most important consideration in everything we see around us, and enterprise solutions are no exception. It is the prime concern for all IT departments and for the CTOs/CIOs of enterprises. End users generally understand security as just policies and regulations, but we must also note that enterprise applications and solutions are the first candidates for security consideration. With the proliferation of consumer mobile devices into enterprise networks and BYOD policies, it is even more difficult to keep enterprise information secure. The workforce's demand to enable a wide variety of applications on a scalable mobile platform throws larger challenges in front of an enterprise. Due to the mobile nature of the devices and the criticality of the information residing on those devices, security can be the most important thing on any CIO's mind!

A sound mobility roadmap should be built keeping security at the core and considering growing trends, user profiles and the needs of the near future. Security isn't only about extending IT policies to devices or computers but about effectively building it into the solution DNA. Companies have realized the importance of mobilizing and empowering their field force or employees. However, IT is obliged to choose an implementation that will not compromise enterprise security.

Assessing the current security implementation, understanding enterprise mobile risks, designing a mobile security policy and selecting a robust mobile security strategy should be a ‘must do’ for enterprises rather than a ‘good to do’ exercise. Enterprises have matured in enterprise security practices over the years and have robust security infrastructure in place for their current systems or network infrastructure. But enterprise applications on tablets or phones open up an array of concerns that they never had to bother about earlier. There is no single device/platform that offers real end-to-end security infrastructure as well as the best use case. So the challenge is: how do we make the mobile a trusted device for enterprises?

Security Approach
To build a robust and secure policy, one needs to visualize security as a multilayered approach. Ideally the solution/strategy needs to depend on more than one layer of validation and not just one. Most enterprises might already have invested in security in some way or other. The one term strategy must consider the return on this investment. Mechanisms such as two-factor authentication, VPN networks etc. may already be in existence. Mobility must extend or be built on those premises. The chosen strategy and solution should be easy to manage and infallible. Typically enterprises would safeguard their networks and sensitive from a single point of failure. Security should be seen as end-to-end. That typically means: on device, in transit, and inside the network. As long as enterprises put together a strategy to secure the information/data in these three places, any device can ideally be trusted!

The key touch points of Enterprise Mobile Security are depicted in the figure below.



The multilayered security approach entails the following considerations: application level security, network level security and device level security.

The application level security mainly encompasses:
       Runtime Protection
       Mandatory Code signing
       Secure authentication framework
       Common crypto architecture
       Application data protection

The network level security can easily be devised based on VPN, SSL/TLS or WPA based transmission channels. The device level security can be handled through the use of a robust Mobile Device Management (MDM) solution.

Data security on the device can also be viewed in different modes, such as Access Mode (authentication and authorization) and Storage Mode (encrypted, sandboxed). The security requirements of a mobility solution must be assessed at various stages of the project life cycle, such as architecture and design, development and deployment.

The choice of device and solution delivery plays an important role in security. Advanced mobile operating systems such as iOS, Android and Windows Phone support security to a greater extent anyway. The security strategy must use these out-of-the-box features provided by mobile operating systems.