Mobile security in the enterprise - there's a missing puzzle piece

With mobile malware and ransomware proliferating at a rapid rate, companies are recognising the need for security technologies to protect network resources accessed by employees with their devices. But, they're missing an important piece of the puzzle.

"A mobile management solution holds little ground without a policy in place. Companies are neglecting to define what resources can be accessed and have not identified what devices are already accessing the network. End-user training and education are also pushed aside as there's an assumption that a mobility management solution will take care of the risk. However, it doesn't work that way.

"Companies should know what devices are accessing their networks. Restrictions should be placed on what information can be accessed, and employees need to understand what they are and why they are there," says Michael Morton, a mobile security specialist at Securicom, a leading IT security solutions company.

He continues: "A mobile device policy should be developed to define what mobile devices are permitted to access on the network. This sounds elementary. But the number of clients that don't have a mobile security policy defined is surprising. They know they need to manage mobile devices in the enterprise, but have no idea where or how to implement it. A sound policy is the very foundation."

The most sensible way to address the burgeoning bring-your-own-device and bring-your-own-app trends is to first define a policy around their usage and then deploy an effective mobility management solution to enforce that policy. To complement this, Morton recommends a network access control (NAC) device.

"This device allows you to define what devices are allowed to connect to your network, and what they are allowed to access once they are on the corporate WiFi. The NAC can also perform some host checking functions and integrate with a mobility management solution. The mobility management tool can inform the NAC if any suspect applications are on a device, and based on this, access to the corporate network can be limited or removed."

When it comes to mobility management and security tools, not all are created equal. With a true enterprise mobility management solution, features like application risk management and threat management can assist in detecting and remediating mobile malware. Application risk management reviews the reputation and security state of applications installed across the device base. Threat management takes it a step further, allowing for the detection, analysis and remediation of malware on mobile devices across the enterprise.

Morton stresses, though, that combating mobile malware in an enterprise requires a multi-approach that includes the use of such technologies as well as behavioural change.

"Educating your end-users around what malware is, how it works, and how to detect and or remove malware from a device is critical to stamping out mobile malware in an enterprise. Most people believe that if you have a mobile security tool or an anti-virus installed, they are protected. However, while these applications greatly assist in protecting devices, the end-user has the final say. They are the ones downloading applications from untrusted sites, or opening malicious links in SMS. As end-users, we need to be more security savvy because, remember, all cyber criminals have an agenda."