If industry analysts are correct, enterprises facing the challenge of creating a bring-your-own-device (BYOD) policy to gain control of Google Android and Apple iOS smartphones and tablets and secure the corporate data flowing to those devices are likely to get an earful at RSA Conference 2012.
For the first time at RSA Conference, mobile device security this year has its own session track, meaning a whole slate of sessions and speakers will be focused on the topic. While plenty of sensational, headline-grabbing mobile malware attacks and malicious applications are areas of concern, enterprises are struggling with the practical challenges of extending corporate security policies to the hordes of personally owned devices accessing the network, said Andrew Hay, a senior security analyst at New York-based analyst firm The 451 Group.
IT security teams want the ability to track down and wipe lost or stolen devices, ensure secure access to corporate resources, and address mobile application security issues, said Hay, who is participating in a panel discussion on whether enterprises are up for the challenge.
"There are a lot of organizations that are comfortable with their perimeter demarcation and starting to look at other sources of data exfiltration. Mobile is definitely one of those things," Hay said in a conference call previewing RSA 2012. "It goes beyond standard mobile device management."
The BYOD phenomenon has also created a myriad of legal and technical challenges for enterprises, Hay said. How does an enterprise ensure standard security best practices are enforced without putting severe restrictions on an employee's personally owned device? RSA 2012 offers at least six sessions addressing BYOD issues. A Thursday panel discussion, "BYOD: Securing Mobile Devices You Don't Own," will explore ways security pros can address the challenges posed by personally owned devices. Meanwhile, another session, "Mobile Devices: A Privacy & Security Check-In," will provide insight on BYOD from the perspective of a group of legal and policy experts.
While some organizations are either restricting mobile access to corporate data to only those users with BlackBerrys or not addressing policy enforcement on iPhone or Android devices at all, at some point compliance and governance issues must be addressed, said John Kindervag, principal analyst at Cambridge, Mass.-based Forrester Research Inc.
"We're going to have to live with it and deal with it," Kindervag said. "There are people with three or four devices trying to get on the network and that's one of the big issues."
RSA Conference 2012 attendees are also likely to be inundated with new security products designed to address mobile concerns. Some enterprises are testing out mobile security software with a limited subset of users; others are waiting for technologies to evolve, said Jason Clark, CSO of Los Gatos, Calif.-based security vendor Websense Inc. Clark said a lot of enterprise CISOs seem to be looking for peace of mind when it comes to mobile.
"I view a laptop as being significantly more risky than I do an iPhone or an iPad, but people view the mobile devices as riskier because there is zero visibility and no endpoint security on them," Clark said. "The truth is that there's so much more malware targeted against the laptop, while with the iPhone and iPad you've got a much more hardened environment with less data contained in it."
In an RSA Conference 2012 session about information security in the year 2020, attendees will be asked to predict future threats and data security challenges to the enterprise. Mobile challenges will likely be a part of the discussion, said Pete Lindstrom, research director at Pennsylvania-based Spire Security, who is leading the session on Tuesday.
Lindstrom said the current defense-in-depth or zero-trust models may change because of increased mobility. He said people may look for ways to obfuscate themselves while on the network and only spend a limited time connected. Instead of thinking about how to secure themselves on the network, Lindstrom said people in the future might think about the notion of protecting themselves simply by disconnecting.
"I've seen some cool stuff related to network security based on the proximity of mobile devices," Lindstrom said. "We're already seeing some innovation with mobility, but I'm hoping to spur some more discussion and innovation."