This page contains a Flash digital edition of a book.
SPOTLIGHT: COVER FEATURE W


e have fallen in love with portable devices, including smartphones and tablets. By


reinventing the way phones and portable computers work, an intuitive and user- friendly way to surf the web, communicate, and access entertainment is offered. For many of us, it’s hard to imagine life without instant access to personal communications, social networking and media sharing sites that these devices provide. The fl ip side of this is that organizations are facing a growing set of challenges, as employees increasingly select and use tablets and smartphones – as well as laptops – to perform their work. The rise of the ‘company car’ IT scheme (‘pick any of the following – but you pay if you want something higher performance’) – also known as bring your own device (BYOD) – means that information will need to be secured across many more platforms that are not wholly under the direct control of the organization.


A key challenge is that many of the most popular consumer devices were not designed from the start as business tools, and they do not offer levels of security comparable to current desktop and laptop computers. What’s more, the way these devices are used blurs the line between personal and business behavior. Among the potential risks to the organization are misuse of the device itself, external exploitation of software vulnerabilities, and the deployment of poorly tested, unreliable business apps – all of which open up new routes for data loss. They present just another way for an organization’s reputation to be damaged. But all is not lost. By putting in place the right working practices, usage policies and management tools, organizations can benefi t from the greater fl exibility, increased productivity and reduced costs that consumer devices can bring to the workplace, while minimizing exposure to the potential risks. However, time is of the essence, and organizations urgently need to formulate a response to this trend. That’s


why the Information Security Forum (ISF) has worked with a number of its members – leading organizations in the employment of technology – to compile an objective, best practice-focused approach to securing mobile devices.


The Urgency of Now The need to act is clear. Thirty-three percent of ISF members who provided input to a recent ‘Securing Consumer Devices’ report already use consumer devices in certain parts of their operational environment, and 75% have pilots or are running trials. Over 70% remarked that the pressure for increased adoption and change in this area was escalating – with most saying that it is “escalating severely”. To help its members formulate an


effective response to these demands, the ISF report breaks down portable device


Main Drivers of Portable Device Adoption


security into four manageable components: governance; users; devices; and applications and data.


Governance


Without control over portable devices, organizations have little or no visibility of usage and penetration, and poor knowledge of ownership, support requirements, adherence to policies, or compliance. In addition, consumer mobile devices and apps are typically sourced from a wide variety of unapproved, non-corporate suppliers, with limited attention paid to service provision contracts.


Senior management 50% Business groups IT


Other


Source: ISF’s ‘Securing Consumer Devices’ report, 2011


20% 20% 10%


Addressing this demands creating a framework for ensuring correct and consistent mobile device security assurance. This involves surveying the extent of consumer device penetration and identifying the different device user groups, their requirements, and the attendant risks. Organizations then need to agree to a device provision mechanism; defi ne policies around ownership, corporate access and acceptable use; and identify any statutory requirements.


A comment from one participant in the ISF survey, an executive at a services company,


www.infosecurity-magazine.com /// 29


Our CEO walked into the board meeting and gave everyone an iPad. He then turned to the CIO and said, ‘We’ll be using these from now on!’


ISF member


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60