New data on enterprise mobile security

We polled readers in our annual Enterprise Mobile Security Survey and the 2013 results are in.

We crunched the numbers in this month’s issue to get your take on mobile device security and noticed some telling trends. Access control has moved to the top of many organizations’ security lists in 2013 as device control continues to give way to bring your own device.

The data from our annual Enterprise Mobile Security Survey, fielded in Q2 2013, is presented in “Mobile Security by the Numbers.” Thanks to the 768 IT and security professionals that participated in the survey.

Enterprise mobile security—and data loss prevention—gets even more fun when you add the host of services and networks that mobile devices access regularly throughout the day. In our cover story this month, virtualization infrastructure guru Dave Shackleford looks at how some organizations are starting to control traffic at different layers of their networks and use emerging technologies that facilitate traffic capture, analysis and control.

In addition to new isolation techniques, organizations are looking to collapse their infrastructure through virtualization and unified platforms, writes Shackleford. The principal consultant of Voodoo Security says Fortune 100 companies are replacing traditional Layer 3/4 firewalls and IDS/IPS with next-generation firewalls and virtual appliances.

As we look ahead at emerging technologies designed to facilitate network security architecture in the new world of mobility and cloud services, we also decided to take a look back. Ten years ago, Randy Sabett, CISSP (and now counsel at ZwillGen), examined how to achieve compliance with the then-new California SB 1386 privacy law. As Sabett explained in Information Security magazine in June 2003:

California's new privacy law (SB 1386), which goes into effect July 1, requires any company that conducts business in California and owns or licenses computerized personal data to notify California residents of any actual or suspected security breach that compromises the "security, confidentiality or integrity" of that information. 

This issue, we invited him back to tell us what’s changed (if anything) in the last 10 years;  how the California privacy laws influenced future legislation that requires proactive security measures to prevent data breaches and why some states still don’t offer these protections.

We’d also like to welcome back MacDonnell Ulsch to Information Security magazine. Now CEO and chief analyst at ZeroPoint Risk Research, Don authored this month’s feature on third-party vendor risk management and what’s required in top notch service-level agreements. He tackled this timely topic as U.S. service providers, among others, worry about the global fallout of Eric Snowden’s allegations against the NSA and its effects on selling data storage and related services.

Finally, our education columnists, Doug Jacobson and Julie A. Rursch, instructors in the electrical and computer engineering department of Iowa State University, tell us why big data education is so hard. “Given the void in big data education, it should come as no surprise that the security of big data is not covered in most curriculums,” they write. Could industry partnerships help?

Enjoy the issue and let us know what think.

About the author: Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.

Send comments on this column to [email protected].

This was last published in August 2013

Dig Deeper on BYOD and mobile device security best practices