On the go and insecure

May 2011 Cyber Security

Balancing the mobile security high-wire.

Companies can no longer afford to neglect the importance of securing their mobile devices in a world where smartphones are able to access an increasing amount of sensitive and critical enterprise data.

That is according to Deon Liebenberg, MD for Africa at Research In Motion (RIM), the company behind BlackBerry. He says that companies need to ensure that they put security measures in place that allow them to strike an optimal balance between too little security and between security measures that restrict end-users from achieving business benefit from their devices.

Deon Liebenberg
Deon Liebenberg

Says Liebenberg: “On the one hand, a lack of understanding mobility may prompt companies to take an overly cautious approach to mobile security – all features and functions of the smartphone are locked down, long and complex passwords are required, access to e-mail is provided and all applications are banned.

“On the other hand, too little security stems from IT administrators looking for the path of least resistance. Users are not expected to use password protection and are allowed to install any apps they like on their devices.”

Sometimes both approaches can even be found within one organisation, with say 10% of users falling under ‘too little security’, such as executives and IT staff, while 90% of the organisation is restricted by too many security measures.

There is a balance to be struck between demands from partners, customers and management to ensure that sensitive data is treated securely, including when it is mobile, and from users for always-on, always-connected mobility.

“Users want to download and access applications and have instant access to their calendar, e-mail, contacts and intranet/extranet. With these new realities – for which demand is only going to grow – come new approaches to mobile security.”

Liebenberg says that companies can win the support of end-users for their security policies by making them as transparent as possible, ensuring they do not cripple functionality and designing them to help users be more productive.

If a device is locked down too tightly, users will simply reject it, which then puts pressure on the organisation to introduce devices that cannot be secured or controlled. If the device is left too open, then potential risk is introduced into the enterprise.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Industrial control systems under attack
News Cyber Security
According to Kaspersky ICS CERT statistics, from January to September 2022, 38% of computers in the industrial control systems (ICS) environment in the META region were attacked using multiple means.

OSINT: A new dimension in cybersecurity
Cyber Security
The ancient Chinese strategist Sun Tzu noted, you should always try to know what the enemy knows and know more than the enemy.

Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.

Building a holistic application security process
Altron Arrow Cyber Security
Altron Arrow asks what it means to build a holistic AppSec process. Learn what’s involved in a holistic approach and how to get started.

Managing data privacy concerns when moving to the cloud
Cyber Security
While the cloud offers many business benefits, it can also raise concerns around compliance, and some organisations have taken the approach of staying out of the cloud for this reason.

Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.

The democratisation of threats
Cyber Security
Bugcrowd looks at some of the primary vulnerabilities the world faced in 2021, and the risks moving forward with growing attack surfaces and lucrative returns on crime.

Protecting yourself from DDoS attacks
Cyber Security Security Services & Risk Management
A DDoS attack, when an attacker floods a server or network with Internet traffic to prevent users from accessing connected online services, can be costly in both earnings and reputation.

Exploiting Android accessibility services
Cyber Security
Pradeo Security recently neutralised an application using Android accessibility services that exploits the permission to perform fraudulent banking transactions.

Cyber resilience is more than cybersecurity
Technews Publishing Editor's Choice Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.