LaSun Group Home News 查看内容

Enterprise mobile information security Ten prerequisite

2013-6-14 02:17| 发布者: admin| 查看: 3572| 评论: 0

Become a mobile enterprise, which means you can bring a lot of new business opportunities. If you can move through the process of tablet PCs and smart phones to access e-mail, applications and data, will be more satisfied employees, working together will be more efficient. Mobile office solutions rely on companies doing business can gain a competitive advantage and achieve rapid growth.

In a recent survey, Aberdeen found that most leading enterprise business processes associated with the user's mobile device is the wish of all the other companies three times. However, recent surveys have shown that almost all analysts, security is impeding the implementation of enterprise mobility business enterprise and the "Bring Your Own Device (BYOD)" program's main stumbling block. "CSO" magazine recently reported that 17% of companies have experienced mobile security events.


Concerns about the safety of mobile

Concerns about the safety of mobile involves many aspects: compulsory until the device from the password encryption, but plans to implement mobile office staff, data security and data leakage is their major concern. Enterprise security experts JackGold said that enterprises annually lost smartphone will reach the laptop 3-4 times. Gold asked: "smart phones and tablet PCs memory up to 32 or even 64 GB, which can save many records?" Cost per lost record estimated at more than $ 250 4 shows how high the cost of data breaches. Some research shows that, for large and small enterprises, each mobile data leakage caused losses of up to U.S. $ 400,000 and U.S. $ 100,000, and some cases even up to several million dollars. As more and more smart phones and tablet PCs is not only connected to the corporate network, and will be used to access a growing number of enterprise applications and content repositories, this concern is exacerbated.

In addition to data, enterprise IT and security departments have to worry about the internal network open to a variety of mobile devices risks. In many cases, smart phones and tablet computers can not get effective control, meaning that they will bring cyber security threats to the enterprise compliance adversely affected. There are three major factors that lead to business concerns about security

1 Move the explosive growth of devices and applications

Center for Telecom Environment Management Standards (CTEMS) reported that 78% of companies allow employees to use personal mobile devices office, seven and businesses only in the Apple iPad tablet computers in the IT spending in 2013 will reach 16 billion U.S. dollars, the enterprise use not only the surge in the number of mobile devices, and user groups are also expanding from corporate executives to ordinary employees. In addition, regardless of the device or corporate employees allotted personal devices, the number of applications on these devices is also increasing.

Asymco mobile analytics company reported an average of each application running on iOS devices up to 60. 9 In view of more than half of enterprises will support more than one type of device, enterprise networks appear non-compliant applications or malicious application possibilities enormous. These facts all point the finger malware, Wall Street Journal in "Your Apps are Watching You" the article pointed out: In the survey of 101 kinds of mobile applications, 56 kinds of the device ID, 47 seeded will position data, five kinds of personal information sent from the device to a third party server.

Although this research to consumer applications as the center, but it reveals this fact: devices and enterprise networks in a variety of applications installed on the device before seemed so vulnerable. Although these applications are not considered malicious applications, but they can violate corporate policy access, collect and transmit sensitive data, and can bypass the traditional enterprise security monitoring mechanism.

(2) the increasing popularity of mobile access

All levels of business executives have a strong desire for employees with mobile devices and make them during the move access to corporate applications and data. Companies will gradually expand horizontally - that is, in different business sectors to achieve mobility. Citrix conducted a survey showed that more than 3/4 of the enterprises will be in 2013 for each business unit to deploy mobile applications, and more than half of which will be mission-critical applications.

In addition, 80% of companies are developing custom applications. This includes waiters and cooks with iPad tablet restaurant chain, including through SamsungGalaxy Tab tablet computer sends to the crew, "flight data package (ight bag)" - which includes electronic flight manuals, flight plans and compliance documents, etc. - airlines. This mobile access means shows great potential, but it also means that corporate data and network access will be more and more devices fall into the hands of more users, thereby enabling the risks increase exponentially

3 consumer popularity of file-sharing tools

We see, enterprise mobility security solutions usually lock is lost or stolen device or erase the data center, but in fact the biggest threat comes not subject to any control data sharing. Currently, millions of users through a variety of cloud-connected terminal devices to share data, data leakage degree of harm is much more than a device is lost / stolen hazards. Due to the following multiplier effect (multiplier effect) the impact of consumer file sharing tool is especially worrisome: Save the data outside the corporate network through a device that is not only shared, but also through these tools to connect with vulnerable to viruses of shared by all devices. According to "Citrix Cloud Mobile Device Management Report (Citrix Mobile Device Management Cloud Report)", some of the most commonly used applications, such as Dropbox and Evernote, usually the most blacklisted by corporate applications. This shows that they are both useful commercial risk will bring double-edged sword.

To-end mobile security framework

IT security professionals will have eyes on the mobile device management (MDM) or enterprise mobility management (EMM) solutions. However, the previously listed all kinds of mobile challenges require a new, more comprehensive security framework - a limitation MDM solution provides the basic lock and erase functions security framework. Today's businesses need an advanced solution, providing them with the appropriate tools to across devices, applications, data and network end to end this way, the initiative to monitor, control and protect corporate

Enterprise Mobility 10 "prerequisites"

The following lists the requirements companies must manage enterprise mobility solutions provider to answer 10 questions.

1, Can I manage any BYOD or business equipment?

Many companies require basic device management functions. They need to focus on configuring the device security, such as passwords and encryption, detection and shielding non-compliant devices, such as equipment or installed jailbreak blacklist application equipment. The device is lost or stolen, or users leave, they need to be able to disable the device. As more and more businesses in their office environment using both staff Bring Your Own Device (BYOD) and corporate-issued devices, so the solution should be able to help IT departments easily specify ownership of the equipment and to develop strategies and practices accordingly.

2, I have no ability to protect and manage native mobile applications or Web applications?

Application varied, but not a security framework using the same. IT departments need to focus on the protection of any mobile applications, Web applications or intranet, in the development process and even after the end of the development process of their implementation of the access policy to ensure secure connections and data control.

3, I can provide users with safe alternatives to replace their core production applications to the user experience without the expense?

Which applications are the core required for mobile users office productivity applications - e-mail, Web or data access? The default is to use the user's local application or applications they have become accustomed. However, if the enterprise cloud can provide users sandboxed and attractive alternative to replace the original they are familiar with and like e-mail client, browser and file sharing tools, what will happen?

4, I can provide secure mobility and protect users privacy?

While many companies have chosen through a comprehensive enterprise mobility management solutions to address the challenges of mobile office, but it requires strict adherence to user privacy regime companies may tend to choose lighter and easy way. This means that they will be deployed on the device email client or security applications. Solution should be flexible enough to meet any single scene or mixed scene; For example, the United States hopes to provide device-level management employees, but only for staff within Germany sandbox-style e-mail client is a global enterprise good examples.

5, I can provide users with single sign-on (SSO) capabilities, and to provide any application on any device?

Single Sign-On (SSO) for all users to be able to bring some help one of the few security features. IT departments can more easily complete the application provisioning and deprovision, former employees of mobile applications to ensure access privileges can be immediately revoked. Users can easily access without going through the small screen for authentication. On any mobile businesses, this is essential. If the business you want to achieve true mobility, IT departments are likely to require not only provisioning of mobile applications, but also need provisioned Web, SaaS, Windows, and data center applications. IT departments need to be delivered through a single channel all these applications: a unified application store.

6, I can provide scenario-based network access?

The face of all kinds of mobile access network equipment, IT departments need to analyze the results based on the endpoint and user roles to define the full access and control strategies to determine which applications and data delivery, as well as how much of the content users are assigned access privileges.

7, Can I protect data while allowing users to access their content?

Mobile users need access to enterprise content, but the lack of effective tools for IT departments to manage user access and control data. Regardless of the content stored in Microsoft SharePoint, or in data sharing and synchronization applications, IT departments should be able to develop and implement data protection policies, regulations allow and do not allow the user to perform what operations the contents - save, email, copy / paste and so on.

8, I can be flexible depending on the implementation of appropriate security measures?

And balance security and privacy challenges, businesses also need to implement appropriate for the specific circumstances of safety precautions. IT departments need flexible solutions to support the "good-better-best (good - better - best)" security method, security and usability to achieve the right balance between.