Most enterprises put tremendous faith in their mobile security policies to minimize the risk of security breaches when devices and employees are in the field. However, even with the most comprehensive and even restrictive policies and extensive monitoring for security threats, many organizations suffer from a lack of visibility into what devices are doing when they are used on public Wi-Fi or carrier networks.
This gap in visibility can lead to real vulnerability. But today, enterprises can transform devices into sensors that provide greater detail about the networks employees connect to. By leveraging information about the device, the network it’s connected to and more, it’s now possible to not only better mitigate security threats but maximize performance, control costs and improve the user experience.
Better Security (And Performance) Begins With Better Visibility
Employees are accustomed to using public Wi-Fi and carrier networks throughout the day, and when they do, it’s common for IT to lose complete visibility into their sessions. In fact, a recent study from Enterprise Mobility Exchange that we helped sponsor revealed (registration required) that a majority of businesses (63%) could not or were unsure if they could monitor devices beyond the company firewall. Without this information, organizations can’t adequately protect their workers against mobile security threats. It takes real-time data to know if employees are connecting to unsecured Wi-Fi, have disabled VPNs or are sending data traffic to overseas servers.
In a seeming contradiction, the same study also revealed that enterprises fear data leakage (45%) the most, but the majority still don’t mandate the use of a VPN. In fact, nearly 70% said using a VPN was optional.
While many mobile security risks are posed by bad actors, breaches are often the direct result of the actions of mobile workers themselves. This can range from not regularly running software updates to accidentally clicking on insecure links.
And it’s not just security that suffers when enterprises can’t see what’s happening with their devices and employees in the field. The lack of visibility can also negatively impact team productivity and customer service. That’s particularly true when there’s a problem with a device or a network. Troubleshooting for employees on third-party networks typically requires IT to rely heavily on guesswork or trial and error. This time-consuming process ties up IT resources, takes employees offline and means that they are often unable to meet customer needs. Thankfully, the data required to close the mobile enterprise security gap and keep workers productive is within reach.
The More You See, The More You Know
The growing need to evaluate mobile data across networks is evident. Today, some of this data is available but not in one place. It is scattered across many systems within an environment and requires multiple people to collect the information from different log files. For example, mobile device management (MDM) solutions provide valuable device information such as basic last-known location and what applications are installed, but wouldn’t it be helpful to know the detailed device location history to see the bigger picture or what apps are actually being used and where the data is going to proactively mitigate security threats?
There is also a type of analytics platform called operational intelligence. This approach requires a simple client software to gather detailed information on the mobile technology and networks employees use. The data can then be aggregated to build a complete picture of the deployment.
Another way IT can gather some of the information on data traffic is from web proxy or firewall logs, but they are unable to correlate data across the data set and understand the breakdown of usage by network type, especially on Wi-Fi or cellular networks they don’t own.
How do you know if greater mobile device and network visibility is needed in your business? Here are some tips for finding out:
• Examine the mobile IT ticket process. Can IT quickly find the source of most issues on third-party networks? Do the same issues recur?
• Review IT intervention methods. IT teams should rarely need to have the device to troubleshoot but instead manage and configure them remotely.
• Audit the use of corporate security policies. Is it mandatory to use a mobile VPN? If so, can you easily verify they are in use right now?
• Ensure policies can be enforced in bulk. That is, key policies to ensure performance or security can be rolled out at once as opposed to individually.
• How proactive is IT? Are teams aware of common problems or security threats and taking proactive steps to prevent them before an employee experiences their side effect?
IDC estimates worldwide mobility spend will reach $1.72 trillion in 2021. It's critical that your business simultaneously achieves better mobile performance and security from these investments by utilizing the suggested tools and tactics to improve your visibility.
