GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

All Posts

Mobile Devices in a Cloud World

Someone recently said to me, "With everything moving to the cloud, mobile device security really isn't going to matter anymore. Sensitive data will never be stored on the device.” The thinking is that sensitive corporate data will be centrally stored and not held on mobile devices.  And with the proliferation of 3G and 4G networking, access should be available from almost anywhere. However, this doesn't mean that we no longer need to worry about security of the endpoint device.

 

When more and more applications became web-based, did we suddenly no longer have to worry about the security of the endpoint workstation or notebook computer?  Certainly not. We aren't just talking about what happens if a device gets lost or stolen.  There are still threats to the endpoint itself that, if not addressed, will leave the endpoint vulnerable.  And a vulnerable endpoint can lead to the exposure of sensitive data.

 

But there's no sensitive data on the device, you might say. You'd be wrong. Most mobile applications store credential information on the mobile device. That, coupled with the often weak user authentication requirements of the typical mobile device is all that separates the bad guys from your data. Even if the data is primarily accessed only using a mobile web browser, it's highly likely that data is cached on the device for performance purposes.

 

Ultimately, success here is all about controlling the access and consumption of the data that you're making available to mobile users.  Can you confirm without a doubt that the user is who they are, using an authorized device, and using the appropriate method to access this information? Do your access controls still apply if that data is stored on a mobile device? Great. Can you ensure the integrity of the hardware device, the operating system running on the device, the application used to access your information, the other applications running on that device, the communication protocol used to access information, and the 3G or 4G network itself? I bet you can't.  And with the BYOD (bring your own device) movement just starting, most of these things are not within your control. You are just not going to be able to control everything and eliminate all risks.

 

But that doesn't mean you should do nothing at all.  You need to understand what you can control and take measures to reasonably protect the remote device and the access method (hardware, software, communication protocols) and the data on it so that you're not putting the organization’s sensitive information at risk.

For more information, download this BYOD Webinar!

Related Posts

New SEC Rules for Reporting Cybersecurity Incidents Are Coming

By Jay Pasteris, GreenPages CIO and CISO The SEC is proposing new cybersecurity rules for public companies. GreenPages' Chief Information Officer & Chief Information Security Officer, Jay Pasteris, looks at the pros and cons of these rules and offers advice on how your company can prepare.

CIO Fireside Chat Recap: Responding to a Ransomware Attack

By Mario Brum, VP of Practice Area and Technical Advisory Services, GreenPages   Mario Brum hosted our inaugural CIO Fireside Chat, an online event for business executives and IT experts about the latest tech topics and trends. In this blog post, Mario recaps the discussion on responding to ransomware attacks and shares data from a real-time poll showing how top cybersecurity leaders responded to this controversial topic. 

How Microsoft Purview Simplifies and Secures Your Organization's Data

By David Barter, GreenPages Microsoft Technologies Practice Lead Managing disparate data sources is a challenge for today's hybrid workforces. But Microsoft Purview can simplify your data security, governance, and compliance.