Establishing Digital Trust: Don't Sacrifice Security for Convenience
Employees these days are bringing an ever-increasing number of personal mobile devices into the enterprise environment, a fact that has become an important security concern in many organizations. In an effort to help IT managers better manage mobile devices, Symantec this week announced a new consulting services capability known as the Symantec Mobile Security Assessment Suite.
Symantec (NASDAQ:SYMC) said the suite consists of a set of services that help enterprises evaluate their mobile security postures and develop defenses against mobile threats and vulnerabilities.
"Today's mobile devices are a mixed bag when it comes to security," said Carey Nachenberg, vice president in Symantec's Security, Technology and Response organization. "On the one hand, these platforms have been designed from the ground up to be more secure—they raise the bar by leveraging techniques such as application isolation, provenance, encryption and permission-based access control. On the other hand, these devices were designed for consumers, and as such, they have traded off their security to ensure usability to varying degrees. These tradeoffs have contributed to the massive popularity of these platforms, but they also increase the risk of using these devices in the enterprise."
Nachenberg said the fact that employees bring these consumer devices into the enterprise and use them without oversight to access corporate resources like calendars, contact lists, corporate documents and even e-mail increases the risk.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"This back door connectivity results in the loss of potentially sensitive enterprise data across third-party systems that are out of the enterprise's direct control and governance," Nachenberg said.
There are more than 300 million smartphones in the world today, and 76 percent of users say they use them for both personal and business uses, according to Harry Sverdlove, chief technology officer of application whitelisting firm Bit9, which two weeks ago released a list of the 12 most vulnerable smartphones available today.
"Smartphones are the new laptop and represent the fastest emerging threat vector," he said. "In our bring-your-own-device work culture, people are using their personal smartphones for both personal and business use, and attacks on these devices are on the rise. This dynamic is changing the way corporations think about protecting confidential data and intellectual property. This is the new security frontier."
The Mobile Security Assessment Suite is a service that Symantec hopes will make it easier for IT managers to assess the risk such devices present and develop plans to mitigate that risk.
"When it comes to implementing mobile technology, enterprises are being thrown into the fire," said Clint Sand, senior director the Security Business Practice at Symantec. "Enterprises know that security is the main impediment for broader adoption of mobility, but with all the changes in operating systems and applications, IT managers are unclear on how to comprehensively address the security challenges. We want to help these organizations with an assessment of their security posture and make recommendations on the best ways to embrace BYOD."
The suite consists of two modules: one to holistically assess enterprise mobile security and one focused on mobile application security.
The Symantec Mobile Security Assessments module evaluates the level of risk inherent in the enterprise use of devices like iOS and Android phones and tablets. Symantec said it leverages use cases and available security controls to help enterprises understand present and anticipated exposure to information security risk as a result of gaps within information security programs, policies and processes.
Meanwhile, the Symantec Mobile App Security Assessments module simulates real-world device operating system and application-level attacks to evaluate the organization's custom mobile applications against best practice criteria for mobile application security. The results are intended to provide insight into the ability of the organization's mobile applications to resist attacks from unauthorized users and prevent misuse by valid users.
Once the assessments are completed, Symantec said it delivers a written report that provides a scorecard of the organization's mobile security readiness and prioritized action plans for closing security gaps that exist.
Thor Olavsrud is a contributor to InternetNews.com, the news service of Internet.com, the network for technology professionals.