While organizations enjoy many advantages in productivity, efficiency and flexibility, many of their current security efforts may lag behind exposures and risks. Organizations are either not fully aware of the security issues they face or simply treat these issues as solely an IT task. Very likely, such issues often prompt IT managers to look into a number of technologies or software tools, such as firewalls, file encryption, etc. Not surprisingly, this often leads to an insufficient or failed effort. Merely focusing on technologies cannot overcome an organization's weaknesses in employee behavior or the inherent gaps in its policy and management processes.
Rapid development of mobile technologies and applications has increasingly changed the way organizations do business, as well as their risk management environment. Effectively minimizing an organization's security risks requires a corporate-wide effort in security strategy, policy development, employee training and revised IT infrastructure. Here are five steps to achieve effective mobile security governance:
Knowing Your Mobile Environment Risks
Using mobile devices to get a job done anywhere as you move is a great benefit to many organizations. But the reality is that organizations at the same time also face a variety of unprecedented exposures and risks. These risks result from potential exploitation of weaknesses in technology, the organization and its employees. Each year, millions of mobile devices are lost, stolen or discarded with personal information still in device memory. Loss of a mobile device that contains personal identity and network access credentials opens an organization to unauthorized network access and intrusion. Mobile data disclosure of business confidential information and personal records puts an organization at high legal and regulatory compliance risk.
To develop an effective mobile security strategy, it is essential to understand an organization's mobile security risk profile. The fundamental questions include: