BYOD Passwords Hacking Cloud Compliance Reviews Privacy

Current Filter: >>>>>>

PREVIOUS

   Current Article ID:8476

NEXT



Real solutions, not band-aids!

Editorial Type:     Date: 01-2018    Views: 1953      









Enterprise I.T. is faced with a treadmill of challenges fuelled by new cloud and mobile initiatives. How can these be engaged with at the highest level and overcome?

The need to ensure security compliance in an increasingly agile world where BYOD is becoming the new mobility norm, with or without IT's blessing, is both complex and potentially costly. While workers should be good custodians of enterprise data, the evidence suggests that they often are not.

"Keeper Security, a provider of password management and digital vault software, conducted a recent study of password usage and found that the most popular password, making up nearly 17% of the 10 million passwords reviewed, was '123456'. Can enterprises really rely on users to protect their data from today's cybercriminals, even with safeguards in place?" asks Dan Dearing, senior director of Product & Solutions Marketing for Pulse Secure. In their solution search to lock down their mobile users, enterprises are often steered by vendors and other market influencers to best-of-breed point Enterprise Mobility Management (EMM) solutions, he says. "These sophisticated solutions are deemed too complex by the resource-constrained IT teams of the small and medium enterprise. Instead, many looked to their Microsoft Exchange email server as a quick band-aid."

As these enterprises adopt more sophisticated mobility strategies that now include mobile apps and BYOD, they are finding that Exchange has some critical shortcomings, Dearing adds. "Exchange-based mobile security is best suited for corporate-managed devices that do not require the use of a BYOD container to protect enterprise data while also respecting user privacy. As workers look to mobile devices as a laptop replacement, IT teams are mobilising legacy applications and now need a way to manage the deployment and use of enterprise apps - a capability not provided by Exchange."

So, how can enterprises best secure their users without burdening their IT team? "The best advice would be for organisations to look for lightweight EMM solutions that manage a security container and not the device. Security containers, such as Android for Work, are embedded directly in the device. Combine that with a complex PIN/passcode on the device and the use of certificate authentication for application access, and enterprises can give workers the user experience they desire, while ensuring enterprise access to data centre applications and cloud services is compliant with their required security policies and regulatory standards," he advises

A final tip he offers is giving more consideration to regular device discovery and auditing, especially as laptops and other devices move within and sometimes leave the organisation; there can be devices that slip through the management cracks, leading to dangerous, but often overlooked, weaknesses. "Constant vigilance is needed to ensure that new OS updates and patches are applied to preserve security controls for information access," he states.

CULTURE OF SECURITY
According to Marc Sollars, CTO, Teneo, one of the biggest challenges for companies' senior managers is how to embed a culture of security within their organisations. "Leading on from that, the challenge is where to find industry innovations that make security rules and applications simpler - perhaps even enjoyable - to use. Whisper it, but could staff move on from being the weakest link in information security?"

In the last couple of years, software vendors have successfully reinvented two-factor network authentication, notorious for its clunky security tokens, as a 'single tap' two-factor authentication on staff mobile devices and tablets, he points out. "This easy set-up makes employees' network log-in process less onerous, but it also enables staff to report suspicious activity on their network with a similar 'one tap' action. The employee makes a single tap on a smartphone screen button: green - 'approve' or red - 'deny' as their second stage of authentication after inputting their usual network password. Staff members no longer have to fumble with 'key fob' tokens or manually input codes, and the streamlined access reduces the incidence of user input error and passcode reset requests."

Page   1  2  3

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT