Mobile Security - The Key Barrier to Mobile Enablement
|発行||VDC Research Group, Inc.||商品コード||338485|
|出版日||ページ情報||英文 41 Pages; 4 Exhibits
|モバイルセキュリティ：モバイル化の主な障壁 Mobile Security - The Key Barrier to Mobile Enablement|
|出版日: 2015年08月28日||ページ情報: 英文 41 Pages; 4 Exhibits||
Enterprises continue to resist moving full speed ahead with mobile initiatives that have real potential to reduce operational expenses and increase productivity. The opportunity to enable access to applications and data repositories, anywhere and anytime, is still largely untapped due to pre-existing perceptions associated with mobile security and the dogged efforts of bad actors that continue breach corporate security constructs. But consumerization trends suggest that the number and variety of mobile devices used to conduct business will continue to grow, making the need for robust security more pronounced than ever. Modern mobile platforms, however, are more vulnerable to greater and more varied security risks than the established IT world is. The right security approach will help enterprises address these threats while taking advantage of the huge benefits that mobile enablement offers.
The three main mobile targets that VDC has identified are information, identity, and availability. Consumerization trends show that personal mobile devices are increasingly used for both private and business purposes. Devices typically store valuable and often sensitive information; keeping that information secure is vital. If a malicious third party gains access to personal financial data, photographs, or information about where the owner lives, works, and spends his or her leisure time, for example, the consequences can be disastrous and irreparable. And since devices are used for work as well as leisure, the possibility of sensitive business information getting into the wrong hands could have much wider-and potentially massive-implications.
The battle continues to intensify among mobile ISVs to be the primary provider for an increasingly broad range of mobile solutions for today's businesses. Mobile device deployments continue to expand in enterprise environments and are being integrated into workers' daily activities in companies of all sizes. This trend is making mobile IT infrastructure investments for mobile management and security a priority for CIOs, CISOs, and IT leaders. Protecting data on a server is one thing, but protecting data in motion is another. The increased use of mobile devices in businesses means people carry around (and potentially expose) more information than ever. A typical mobile device is likely to contain both personal and work-related data. This includes emails, email attachments, voice mails, text messages, and private corporate data. Essentially, every mobile-enabled worker is potentially holding a gateway into the enterprise network and access to sensitive and/or confidential data. Safeguarding intellectual property and business information from theft and misuse is an increasingly critical management issue, and security is a core business function, regardless of whether a user is in the C-suite or on the lowest rung on the corporate ladder.
The cost of data breaches can be enormous, not only in dollars but also in lost time, productivity, and overall organizational well being. Crafting and implementing comprehensive mobile policies, therefore, is critical for sustainable and effective mobile enablement.
The current mobile boom has CIOs and IT leaders actively investing in solutions to help mitigate the increasing risks associated with using mobile devices for work-related purposes. The line between personal computers and mobile devices has already blurred, and the portability, connectivity, and storage capacity of smartphones and tablets pose a significant data leakage risk. The mobile hardware race is in full swing. Chip manufacturers continue to enhance their embedded security while handset OEMs expand their respective operating systems with important security and API enhancements. At the same time, venture funding continues to flow to a vibrant ecosystem of security-oriented ISVs. With each new smartphone activation, however, a new target is born. One unfortunate side effect of the explosive growth in smartphones has been the problem of security, particularly in corporate settings. Consumer demands for mobile platforms to offer the same conveniences as modern PCs has created new risks. Vulnerabilities such as malware, direct attacks, data interception, exploitation, and social engineering all have transitioned into the mobile space as fluidly as the operating systems themselves. Several prominent organizations, such as Anthem Inc., BlueCross BlueShield, JP Morgan Chase, The Home Depot, The Department of Veterans Affairs, and WellPoint Inc., have been negatively affected by lost or stolen unencrypted devices, the most common cause of security breaches.
Organizations understand the need to employ a layered approach that will create additional protections to keep their devices and infrastructure secure. The rising risk of infection from malicious applications has compelled organizations to invest in solutions that offer real time antivirus and malware scanning, along with the ability to identify vulnerabilities in web and mobile application source code. Context-aware detection and prevention capabilities are also increasingly important. Organizations find that they require secure access and authentication to a wider range of back-end services from multiple mobile apps/platforms.
The security landscape is in a state of constant change. IT departments must constantly assess the best ways to secure and manage a multitude of mobile devices on diverse platforms. Changing work styles increase employees' desire or need to work at any time, from any location, with data that is accessible from the company network, the Web, or the cloud. IT departments are thus dealing with a moving target and require a broad range of protective measures, depending on their organization's security posture. Due to the multilayered security dynamics of mobile platforms, neither an ideal hardware configuration nor one type of communications network can reliably catch all threats and assure security. Operating systems, applications, devices, and networks all affect security in a dynamic market. Investing in IT staff with mobile-first expertise that is specific to security is important, as is implementing the appropriate infrastructure to enable secure remote access to pre-existing data stores and application platforms.
Without the appropriate policies, training, and governance mechanisms in place, our personal and corporate data will become comingled, potentially resulting in data leakage and putting organizations at risk. Educating employees is critical to minimizing the threats mobile enablement introduces to an IT infrastructure. Typical users either don't understand the available security mechanisms or cannot properly use the appropriate protection mechanisms to their (and their organization's) full benefit.
Mobile-first security vendors have seen core device management capabilities commoditize. They have been actively engaged in developing security solutions focused on managing mobile applications as well as providing secure access to existing corporate data stores to their mobile workforce. Prominent enterprise mobility management (EMM) vendors have also shifted their focus away from managing devices and have developed secure content, collaboration, and application management solutions. The enhanced security functionality that has become central to these vendors' platforms, however, is the ability to keep applications and data in a designated area. This type of application-layer solution (often referred to as a “secure container” or “containerization”) is a key area for differentiation in the market. Not all containers are created equal, as vendors deploy different approaches that rely on device-side and chipset-level features, which vary depending on the device.