11 months ago


mobile management

mobile management responsiveness, but can also be a major security headache without strict management. The network's attack surface is increased with each new mobile device, and many organisations quickly lose track of what devices are connected and how they are being used". The BYOD approach, in particular, can expose companies to a much greater level of risk, as a mobile that is also used as personal device will be more likely to be hit by threats such as mobile malware and fake or corrupted apps. A compromised device can then be used to infect the rest of the corporate network or access confidential emails and other data. "Any company with a mobilecentric workforce should ensure it has a strict Mobile Device Management (MDM) strategy to secure emails and corporate documents, segregate corporate data, and enforce security policies," states Noctor. "However, MDM is not always applicable and can be difficult to combine with BYOD or apply to individuals such as contractors and others who have access to corporate resources, but are not full employees." Mobile Application Management (MAM) is a more flexible and secure approach for this more diverse workforce, he suggests. "This approach places security and app management policies around the individual business applications, so they are protected without the need to enrol the device in MDM. Workers are provided access to officially sanctioned and secured mobile apps via a private enterprise app store. This ensures that employees are able to easily access the best apps for the job, while also enabling the organisation to keep track of what applications are being used." Managing mobile apps in this way can also help enterprises ensure the highest levels of security even without requiring MDM. "Powerful app-level policies can be used to enforce security policies, such as detecting jailbroken devices and applying run-time integrity checks, as well as ensuring that all apps are kept updated," he adds. INADEQUATE PROTECTION Despite the publicity around mobile security, research seems to suggest that many organisations are not adequately protecting workers and devices when on the move or in public spaces, comments Dave Williams, business manager - UK Electronics Market, 3M. "As well as more robust software-based measures, another factor to consider is the 'low tech' one of prying eyes. Just looking over someone's shoulder, he cautions, is "one way to obtain confidential information. Security breaches are not confined to savyy hackers". In the recent Public Spaces Survey commissioned by 3M and conducted by the Ponemon Institute, nine out of 10 people questioned had noticed someone looking at data on their laptops in public, according to Williams. "Seventy-six per cent had also inadvertently seen something on someone's screen that they should not have done. However, just over 50% confirmed they had not taken any preventive steps to protect their own screens from onlookers in public." VISUAL HACKING Other research also demonstrates just how easy it is to carry out a 'visual hack', whether inside or outside the office," he continues. "In the Global Visual Hacking Experiment, also carried out by the Ponemon Institute on behalf of 3M, involving a 'white hat' hacker, more than 90% of visual hacking attempts were successful, with 49% of breaches taking less than 15 minutes, with an average of 3.9 pieces of sensitive data obtained per attempt. "The reality is that, while visual hacking is fast and easy to achieve, it is also fast and easy to prevent, using techniques such as installation of privacy filters, which stop on-screen information from being viewed, unless straight-on and close-up; angling screens, so they cannot easily be seen; plus educating employees about their responsibility to prevent sensitive data being visible to others, particularly when they are working in public spaces." 28 computing security May/June 2017 @CSMagAndAwards

purchasing strategies REAL PRICE OF SECURITY SOLUTIONS THE IMPORTANCE OF MAKING PURCHASING DECISIONS FOR SECURITY SOLUTIONS BASED ON QUALITY, RATHER THAN INITIAL PURCHASE PRICE ALONE, IS NOW BEING HAMMERED HOME Astark warning has been laid down in a new white paper concerning the challenges involved in buying and selling high-quality security solutions. The paper aims to explore the price versus quality debate from the perspectives of both buyers and sellers of security solutions, in order to identify the relative advantages and disadvantages between low-priced and highquality solutions. The main findings of the paper clearly suggest that end users would find it far more beneficial to consider and deploy high-quality security solutions. The findings also reveal that there are many advantages for security providers who offer high-quality solutions to their customers, rather than merely competing with each other on the basis of price. Security providers would be much better off collaborating with their customers and developing a good understanding of buyers' needs in order to provide suitable solutions that meet those requirements and perform well over time. Commissioned by the British Security Industry Association, the white paper, which is titled 'The (Real) Price of Security Solutions', has been authored by Dr Terence Tse, an Associate Professor of Finance at ESCP Europe Business School, and sponsored by BSIA member companies Securitas and ATEC Fire and Security. The research was driven by immediate past chairman of the association, Pauline Norstrom, during her time as chairman. "I have been in the industry some 16 years, before that in tech marketing across a broad spectrum of industries," she commented. "During that time, I have watched and experienced the manufacturers within our industry race to the lowest price, compromising on materials and functionality in order to do so and often at the expense of UK jobs in the process. "I have seen the industry rush to the cheapest price to win the bid, with companies offering solutions at very low margins being left with substantial additional costs they cannot cover. In addition, end users are often provided with an inferior solution which does not solve their problems," she added. "Essentially, I hope that the paper will educate the security buyer as to the art of buying a specialised security solution, rather than a bunch of part numbers or just cost per hour; and instead to consider the value of the sum of the parts bringing a larger benefit than those parts working in isolation." The paper sets out recommendations for both security providers and security buyers through checklists that aim to help security buyers make better informed purchase decisions and security providers to better demonstrate the value of their offering, rather than compete on price alone. Pauline Norstrom: "I have seen the industry rush to the cheapest price to win the bid." @CSMagAndAwards May/June 2017 computing security 29