A Barcoding solution is never just a piece of hardware: This is the heart of Barcoding’s Process, People, Technology (PPT) philosophy.
First, we work to understand our clients’ businesses—their workflows, people, cultures, and goals—and then we discuss the types of technology available to fit their needs.
Barcoding, Inc. is a premier partner with the best manufacturers and software providers in the automated data capture, mobility, and supply chain spaces. Because of our strong relationships, our clients have access to high-level resources at our partners’ organizations—from the executive teams to sales, engineers, and support.
Headquarters
3840 Bank Street
Baltimore, MD 21224
Call us: 1.888.412.SCAN (7226)
Email us: info@barcoding.com
A Barcoding solution is never just a piece of hardware: This is the heart of Barcoding’s Process, People, Technology (PPT) philosophy.
First, we work to understand our clients’ businesses—their workflows, people, cultures, and goals—and then we discuss the types of technology available to fit their needs.
Barcoding’s #SupplyChainGeeks draw on decades of experience across manufacturing, distribution, retail, and transportation & logistics.
Our experts partner closely with customers and technology partners, taking a brand-agnostic, Process-People-Technology approach tailored to your industry’s complex landscape.
Barcoding, Inc. is a premier partner with the best manufacturers and software providers in the automated data capture, mobility, and supply chain spaces. Because of our strong relationships, our clients have access to high-level resources at our partners’ organizations—from the executive teams to sales, engineers, and support.
Headquarters
3840 Bank Street
Baltimore, MD 21224
Call us: 1.888.412.SCAN (7226)
Email us: info@barcoding.com
Enterprise mobility IT security is often likened to insurance. Something you account for simply because you have to have it. However, this limited view misses the point. Security provides more than just cover in response to a specific event. It can provide assurance too – allowing your enterprise to operate and innovate without the risk of data breaches.
In this whitepaper, we explore the key considerations for developing a robust mobile security policy. We present the key risks and what you can do about them so you can set in motion new opportunities to improve productivity, efficiency, and accuracy across your operations.
There remains some difference of opinion over the value of security. What everyone can agree on is that it is a complex subject that touches many areas of the organization. When you consider the variety of mobility use cases, application methodologies and deployment options of individual enterprises, the overall value of security, as well as the complexity, becomes more evident.
In a retail store, staff with tablets can serve customers quickly. But those customers want assurances that the personal information they hand over is safe on these devices. In manufacturing, there is the rise of wearable technologies to consider. This change will mean securing the flow of data from a large number of end points.
Application methodologies also vary depending on the use case and the type of device. From web-based apps through to native mobile apps or even hybrids, each instance places unique security demands on the enterprise.
The mobile deployment options available can add another level of complexity. If the enterprise encourages Bring Your Own Device (BYOD) or uses consumer-grade technology then the IT team might have to commit additional resources. They will have to develop in-house security solutions when consumer-grade mobile operating systems (OS) do not provide the required levels of security. There are also additional concerns when it comes to protecting network activity and security for WAN or WLAN connectivity.
Mobility platforms must deal with each of these security considerations at the same time as responding to the organization demand for more IT on-the-go. The goal for any enterprise should be preserving data security without disrupting day-to-day operations. So what are the core threats and what should a robust mobile security policy include?
There is the rise of wearable technologies to consider. This change will mean securing the flow of data from a large number of end points.
The basic characteristics of mobile devices mean they are exposed to a significantly higher number of security threats compared to desktops. The small and portable form factor puts them at risk of theft. Multi-purpose operating systems and applications can create multiple pathways for cyber criminals to exploit if not properly managed. Plus, communication over open and unprotected Wi-Fi or cellular connections reduces the protection of enterprise or customer data, thereby requiring additional consideration for controlling access to unsecured networks.
According to industry analysts VDC, preventing data breaches is one of the top three enterprise mobility investment concerns. Having security policies in place for handling lost or stolen devices and data is also in the top five – behind minimizing downtime, ensuring user friendliness, and reducing support costs.
Rate the following mobility issues in terms of their importance to your firm (1=Extremely unimportant; 6=extremely important)
These are not simplistic risks either. Drill down into the overarching security concerns and you will find both internal and external threats. The VDC research is corroborated by a TechTarget SearchSecurity survey into the top five enterprise mobile security issues. Each of the big issues identified by its 487 respondents related to concerns over corporate data.
What is at stake is the organization’s reputation and revenue. As one article on CIO.com states, “The more that employees and contractors use mobile devices to access organizational systems, applications and data, the more important it is to protect such access. Furthermore, it’s essential to prevent the mobile devices that are supposed to boost productivity and add to the bottom line from opening unauthorized means of access to information and other assets; this turns them into a danger and a possible drain on revenue instead.”
The question remains: What specific action can your organization take to deal with the ongoing threat of enterprise mobile security issues?
With an increasing reliance on mobile technologies, enterprises must look for a more fluid response to security issues. An aggregation of analysis by Gartner, Forrester, and Information Week shows just some of the key responses that IT teams can take to deal with internal and external risks.
Forrester also advocates the following seven responses as key for mobile device management (MDM) and mobile security:
Both sets of measures are effectively only ‘wishlists’ from IT if the enterprise is not willing to take mobile security seriously. Executives play a key role in elevating security to the boardroom and committing resources to combatting increasingly sophisticated threats.
To do this effectively, it pays to understand the most common regulatory requirements and international best practice for security. A brief review of these standards highlights the measures that every enterprise should be including in their mobile security policy:
The enterprise must then move forward with a mobile policy that includes these security measures at its core. Alongside use case scenarios, security should be just as influential in the choice of devices and operating system.
Given the proliferation of security risks, enterprises lured by low-entry prices must re-evaluate the use of off-the-shelf, consumer-grade devices. Most consumer grade operating systems on these devices do not come with all the security features enterprises require. Studies show that the total cost of ownership (TCO) of using consumer-grade devices for enterprise applications can be between 40% and 78% higher than purpose-built enterprise devices. Security is an important element in this differential.
Consumer devices used in enterprise applications are often an invitation to a security breach. In one BYOD study by Decisive Analytics, nearly half (46.5%) of the companies surveyed reported a data or security breach as a result of an employee-owned device accessing the corporate network. Significant investments are being made to counter this threat. However, there are no guarantees that these security workarounds will continue to be effective against emerging threats.
In contrast, purpose-built rugged enterprise devices are designed and augmented to satisfy and simplify compliance with key regulatory mandates on security. The scope of security compliance can range from the very broad (e.g. user training) to the very detailed (e.g. validation of the integrity of cryptographic algorithms).
No device or mobile OS platform can independently assure compliance. But obtaining devices and software platforms from a manufacturer that focuses on security mandates will increase the likelihood of compliance and reduce the administrative burden of validation. In turn, this reduces the cost of audits, may prevent monetary fines/penalties, and may eliminate the need to report a data breach. All of which add up to improving the bottom line.
“277 million mobile devices to run some kind of protection by 2016.”
Enterprises looking at consumer-grade devices have a choice of several key market players: Google, Apple and Microsoft. Google’s Android platform has the dominant market share (81% of global market in 2015)5. Its intrinsic security offering also makes it attractive to enterprises considering consumer-grade devices. Especially when compared to alternative consumer mobile OS platforms. Application sandboxing, resource access permissioning, and data encryption are just some examples of the strong security features of Android.
Most concerns with Android security originate with potential malware within GooglePlay – the platform’s app store. Apple tightly screens its AppStore apps because it retains strict control over the signing process. Despite this, the security risk with GooglePlay is one that extends to all public app stores. Each is vulnerable to malware and privacy invasion (even Apple’s AppStore).
The best practice for running ‘Corporate Liable Devices’ is to provide application lockdown and/or use a trusted enterprise app store. Zebra’s Mobility Extensions (Mx) offers increased protection. By simplifying compliance to mobility requirements and regulatory demands, organizations can experience enterprise-grade security on consumer-grade devices.
Allied with an enterprise app store, extensions that include white listing, AD/LDAP authentication, key management and other core enterprise security functionality, will ensure IT teams can issue consumer-grade devices with confidence.
What is clear is that mobile security is about more than just insuring the integrity of the enterprise in the event that data and devices are breached. It can support operational requirements specific to the overall mobile strategy and reduce total cost of ownership across enterprise mobility rollouts. Foremost, mobile security will continue to be evolutionary and will require vigilant, continual review and updates.
While enterprise mobility has come a long way in just a few short years, the complexity of the security landscape has changed (and continues to change) beyond recognition. The challenges are complex and the solutions wide-ranging. They should be explored individually and alongside the organisation's priorities. There is no point having a stringent security policy if it restricts your operations and makes you uncompetitive and your workers unproductive. On the other hand, focusing on everything but security will leave you open to attack. The most robust mobile security policies will mitigate the risks you face while leaving you free to operate and innovate.
The key is to balance priorities within your mobile security policy – accommodating your key business requirements and end user needs with security sub-policies that match different use cases.
Given the complexity and number of key considerations, developing your workforce mobile security policy can appear to be a difficult task. This checklist should help you ensure that whatever choices you do make are successful across your organization – particularly, in balancing user, enterprise, and security requirements.
SEE WHY SECURITY IS JUST THE START WHEN CHOOSING A NEW MOBILE OS. EXPLORE THE OTHER KEY CONSIDERATIONS AT WWW.ZEBRA.COM/MOBILITYREVOLUTION