- Kathleen Richards, Information Security
In the wake of Microsoft’s about-face on the touchscreen-driven Windows 8, designed to mirror its Windows Phone and tablet interface, our June cover story looks at new data on mobile device management solutions and the challenges of securing consumer-driven platforms. No one will be surprised that mobile devices are continuing to make inroads in many organizations. This includes tablets, which are expected to usurp laptops within the next five years in organizations that support this trend.
What may surprise some readers, however, is that unlike desktops and laptops, when it comes to mobile devices, workers’ preferences matter. As Philip Clarke, research analyst and co-leader of the Wireless and Mobility track at Nemertes Research, reports in his June cover story on MDM: “Workers’ preferences for Apple’s iOS and Google’s Android mobile operating systems are driving out enterprise-friendly platforms such as BlackBerry’s longtime OS (now called BlackBerry 10) and Microsoft’s Windows Mobile OS.”
That presents a dilemma for security-minded IT professionals. According to Clarke, “Microsoft Exchange ActiveSync (EAS) continues to be used by IT departments to force limited security policies onto iOS and Android devices, such as requiring PINs, passwords and other authentication credentials for access onto Exchange.” However, EAS cannot manage the core device functionality or the applications of Apple iOS and Google Android smartphones and tablets. With BlackBerry and Windows Mobile OS/Windows Phone now representing just 30% of workers’ devices, according to Nemertes Research, the average company requires some type of MDM or mobile application management. Network-based MDM (NMDM) is a category to watch in environments that have heavy bring-your-own-device use.
Frequent contributor Joseph Granneman provides an update on FedRAMP and the joint efforts among government entities and the private sector to build a catalog of accredited cloud service providers. So far, only three cloud service providers have received accreditation. Joe checked in with eight of the 17 certified third-party assessment organizations (3PAOs) to get their feedback on how the program is going and on things that could ease the process. “There is a lot of business opportunity for cloud service providers that do get on the government-approved list,” he writes. “One important side benefit to FedRAMP accreditation is the overlap with other compliance initiatives such as HIPAA or PCI.”
Finally, I interviewed a range of thought leaders about the challenges of using big data analytics for security for a feature this month. As I suspected, what constitutes “big data analytics” and where the security industry is really at depends on whom you talk to. While many organizations are being advised to leverage as much data as possible to provide a holistic view into business risks beyond IT, the challenges of big data analytics require CISOs to proceed with caution and consider using analytics first on structured data. “People who complain about the complexity of a SIEM product, would be crazy to go and build and operate their own Hadoop cluster,” said Anton Chuvakin, the research director of security and risk management at Gartner.
One area that the feature does not address is the issue of privacy, especially how it applies to internal employees as companies are flooded with unstructured data and social media. Herb Kelsey, the vice president of analytics at Opera Solutions, noted the kinks that occurred when some employers wanted passwords to workers’ Facebook accounts. Kelsey thinks the tensions between privacy and pursuing security initiatives will be areas to watch because “Federal laws have not even scratched the surface.” Sounds like a great topic for a future article.
About the author:
Kathleen Richards is the features editor at Information Security magazine. Contact her at email@example.com.
Send comments on this column to firstname.lastname@example.org.