Security is always a delicate balance: You need to provide efficient access, but only to those that are allowed that access.
Because there are a growing number of mobile devices, and more people utilizing them, there is more potential for breach – it’s just a numbers game, really. Your networks require ever more attention: In matters of security solutions and updates; watchfulness for any day-to-day breach; and investigation of any suspect activity. At the same time, access has to be readily available to those authentic users, sustaining their productivity – and they must be be productive within a fully educated posture, based on well-communicated security policies.
First, before a user even authenticates, remember to have the device authenticate. The network must recognize the device, allow it, and further – have your network survey it for currency in updates, patches and policy. Now you’re swingin’.
Also, mobile devices use mobile-broadband, the same networks as mobile phones. Here, it is basically essential to employ a virtual-private-network (VPN) – and also for any access coming through the public internet. Generally, you want to encrypt any data/communications between devices which transmit through public broadband or internet.
The addition of firewalls is another layer of security. They can be comprised of software, hardware, or both – and essentially emplace filters and authenticating standards before letting devices and/or data through.
Remember that any security procedures and policies are only effective so long as the organization enforces them. The organization must invest in security, in more ways than one. More than monetary, it is the organization’s acknowledgement that security is paramount, and that people will be held accountable to security standards. Regularized training and awareness sessions must be adhered to, and all modern and effective security measures must be undertaken in match to the accelerative nature of outside demands and threats.
Get on a schedule of regularized updates in all regards: Organization, people, process, systems, data, communications, education… Also, be certain to weave Business and IT leaders’ understandings and sanctions in creating and adhering to mutually defined and understood goals.
NP: I Can’t Get Started, Cannonball Adderely, jazz24.org