The seemingly endless parade of high-profile attacks

With the seemingly endless parade of high-profile attacks and data breaches recently, many businesses are taking a critical look at the security and management of their own networks, asking themselves, "Could we be then and there?" One rapidly growing point of concern enterprises should be focusing on is the ever-expanding presence of a diverse fleet of mobile devices connecting to their IT infrastructures.

A recent Symantec survey found that only 51 percent of respondents who use their smartphones for work had been educated by their employer on policies and/or best practices regarding the security of their work-related smartphones. On top of all this, 42 percent said they were not aware of any mobile device security and/or management software or tools in use by their employer.

To compound this issue, most mobile devices entering and exiting enterprises store and access confidential information. The survey found that 73 percent of respondents said they use their work-related smartphones to access such information, with 73 percent of that being competitive or proprietary data. Unfortunately, cybercriminals have taken notice of this trend, even if enterprises have but to.

The ideal mobile security

The ideal mobile security and management strategy is an all-encompassing approach that seeks to offer protection not only on the enterprise side of the fence - where data is used, created and stored - however also from the telecommunication service provider side - where the devices connect and communicate with corporate back ends. Each side requires a in a class by itself set of tools to effectively mitigate the risk these devices create.

Security SoftwareThough mobile threats are however in their infancy and are at nowhere nearly the level we see targeting traditional computing platforms, some creative cybercriminals have found ways to exploit smart mobile devices through viruses, Trojans, SMS or email phishing, rogue applications and snoopware - mobile spyware that activates features on a device without the user's knowledge, just as the microphone or camera. It's in a nutshell growing increasingly important to employ the mobile security solutions that provide a barrier against these attacks, similar to their laptop and desktop counterparts.

Security solutions that feature network access control capabilities can as well help to enforce compliance with security policies and ensure that only secure, policy-compliant devices can access business networks and email servers.

Management ToolsAs important as security software is, it's only one part of the overall equation. Security software must go hand-in-hand with tools that enable enterprises to manage and properly configure the various mobile devices that connect to their networks, just as mobile device management, or MDM, solutions. In short, a then-managed device is a secure device. By increasing IT efficiency with over-the-air deployment of configurations, applications and updates, management solutions help ensure devices have the required policies and applications and that they are configured correctly and kept up-to-date. This not only improves end-user productivity by managing mobile device health, however also ensures security vulnerabilities are not present on the devices.

The risk of loss or theft

Information Protection TechnologiesThe biggest threat to mobile devices remains the risk of loss or theft. As more companies use these devices simply as additional endpoints, data stored and accessible through them is put at even greater risk. Corporate email and data from line of business applications on smartphones often contains intellectual property or information subject to government regulation. The loss or theft of the device exposes sensitive data and may result in financial loss, legal ramifications and brand damage. Strong password/PIN policies prevent unauthorized access to the mobile device and its data. Mobile encryption technologies provide protection for data communicated and stored on end-users' mobile devices. Remote wipe and lock capabilities enable an enterprise to remotely delete all of the corporate data on the device to ensure the data cannot be breached.

Another consideration is as individual-liable mobile devices permeate enterprise networks, organizations need a granular control over these remote wipe capabilities so that only the corporate owned data can be wiped. All things considered, enterprises need to make sure that the appropriate data leakage prevention policies are in place to reduce the flow of sensitive data out of the mobile devices.

Authentication SolutionsMost enterprise networks require a username and password to identify users, however usernames and passwords can be compromised. Using two-factor authentication research provides a higher level of security when users log in to the corporate network. Quality authentication technologies extend the same safety measures to users when logging in from a mobile device. As enterprises develop custom applications, they need to look at extending the authentication to these apps as so then.

Protecting and Managing the Service Provider NetworksAs more enterprise endpoints access the service provider networks directly, organizations need to feel comfortable that these networks are as well free of attacks and threats that could proliferate into their own systems. Superior mobile security and comprehensive network protection allows the service providers to offer that confidence to enterprises.

Network ProtectionAs malicious threats designed to be propagated via mobile networks increase, so too must the measures implemented by providers to block these threats. Service provider networks should be protected at their edge, never allowing these threats to get in. By building a network-wide policy control and enforcement system, these networks are guarded against malware. This network-wide solution must include an application-level security policy that protects against the predominant types of traffic entering the network, including the web, SMS, and MMS. By putting this application-level policy in place, service providers can identify and evaluate new threats from devices as in the near future as they appear and prevent them from reaching other enterprises and end users.

Network-wide policy control

Services RevenueImproving overall security with a network-wide policy control and enforcement solution has additional benefits. It empowers providers to offer revenue-generating protection services for both enterprises and consumers. These include enterprise-level control capabilities where users may browse the web or by controlling devices connecting to the enterprise infrastructure. These capabilities can be sold as a Security-as-a-Service to corporate clients to drive corporate customer retention and acquisition. They can as well be offered as consumer-level control capabilities, providing individual subscribers control over their mobile presence across all services.

Security InsightIn order to protect network stability, performance and subscriber trust, it's critical that service providers have real-time insight into what types of activity is happening within their network. To boot, service providers must comply with the increasing regulatory requirements being placed on them. An intelligent security solution designed to identify, manage and report suspicious activity, in real-time, enables a proactive approach to improving network efficiency by allowing only valid traffic to traverse the network. Moreover, operators must ensure they properly store and make retrievable application-level traffic requested by enterprises, helping meet regulatory requirements for data retention and recovery.

The brave new world of enterprise mobility - where computing is breaking down corporate walls and flowing into the real world - is in detail swing. Completely securing and managing this mobility and the anytime access to corporate data it represents has to become a central focus of enterprises and the industry in the aggregate. Ideally, this would include integrated protection strategies for end users, enterprises and telecommunication service providers.

The Enterprise Mobility Group at Symantec

Jon Kuhn serves as Director of Product Management for the Enterprise Mobility Group at Symantec, responsible for the mobile security and management products and services. In his role, he focuses on both the enterprise and service provider routes to market, building solutions for on-premises, cloud and carrier deployments. Jon more recently served as Director of Core Security, responsible for Security Suites and Mail & Web Security product lines. Prior to Symantec, Jon led the product management and marketing teams at SonicWall, a network products and services company and leader in the network security market. There he was responsible managing all aspects of program management and marketing with full P&L ownership. Jon joined SonicWall through the acquisition of Ignyte Research, a IT consulting company where he was a founding member. With over 14 years in the IT industry, Jon has held a number of roles in product strategy, sales engineering leadership and managed teams in both business and innovation consulting.