With the unprecedented growth of mobile devices entering enterprise network, mobile device management (MDM) and mobile security management (MSM) have gained significant relevance in improving productivity in enterprises.
Novell, which provides software to make enterprises more productive, reveals BYOD and mobility bring serious security concerns in enterprises. With smartphones rated as one of the top accessories at risk, enterprises are at risk of losing confidential information such as company information, database, password, sensitive client information, tax ID numbers, business plans, compensation & health records, and more.
In an exclusive interaction with Infotech Lead, Sreehari S, managing director, India Development Center, Novell, said CIOs need to work out a comprehensive security policy for the enterprise on the advice of their CISOs, than a piece-meal and reactive approaches.
“Before embracing BYOD, they must define a BYOD policy for their employees and implement an MDM solution which is integrated with the End Point Management solution that is used to manage traditional desktops,” Sreehari said. “They also need to implement a scalable and integrated Identity & Access Governance and SIEM solutions that helps in policy & role management and compliance. As they start taking advantage of cloud services and SaaS, they must implement effective cloud access solutions which are integrated with Enterprise Identity.”
Calculating ROI from a security deployment is not easy because there are many approximations and assumptions. “It is often more than just some monetary loss. Having said that, it is important that the decision makers (CIOs) look at the past data of the security incidents and make estimations based on those insights. The ROI from a security solution is a combination of 3 major factors – cost of potential loss (in case an incident happens), cost of a security solution and an approximate mitigation that one can achieve from the security offering. It is critical that the CIOs calculate the cost of the incidents accurately and preferably from more than just one incident in the past.”
Novell MD suggests CIOs should look at the following parameters while choosing a security solution. a. Time to value
i)) How quickly and easily the solution can be deployed Out of the Box.
ii) How much flexibility and tailoring is possible as per the Organization need
iii) How quickly the breaches in the network can be found
iv) How the solution is scalable to address the BYOD issues. This is coming most prevalent at current times.
b. Effective Post Deployment Support
c. Wide device support – Look for a solution that is capable of managing / monitoring most of your current devices & possible additions
d. Choose a solution that is well integrated with other solutions from the same vendor and others
e. Adequately trained staff that can leverage the most from the deployments
Above all this they also must ensure that the workforce is well advised and educated on potential threats, information security concerns and security best practices, he added.
BYOD, which was the direct result of smartphone explosion, has emerged as one of the primary growth factors in security software market worldwide, which grew by about 8 percent in 2012. eCommerce trends and cloud services are also contributing for the growth. In addition to these, local regulation and governance also drive the security software market forward. Security software adoption is on rise in all key verticals like Healthcare, Financial services, Retail, Energy, eCommerce, Government and Manufacturing.
Consumerization and BYOD are forcing enterprises to manage a wide range of official and personal devices. Enterprises are increasingly focusing on Mobile Device Management and Mobile Application Management to secure devices and the information contained on the devices. They are also concentrating on making the network secure by implementing effective Mobile Access solutions.
Today’s mobile workforce that connects from anywhere and the increase in access to enterprise applications from these devices is throwing an ever increasing challenge to enterprise information security. Hackers are constantly testing the traditional boundaries of network security. While networks have to enable employees access to services from devices such as iPads, Android phones, tablets and PCs, comprehensive security systems have to be put in place to ensure secure access across platforms over these expanding network boundaries.
With seven more stringent regulatory enforcements, enterprises are investing heavily on Access Governance & SIEM solutions.
We see a faster uptake in the adoption of cloud services and SaaS applications by SMEs. This trend poses a big challenge to network security as the current security measure as inadequate to deal with this new paradigm. As the cloud adoption is evolving, so will new policy controls for access to cloud services.
In addition to the above, enterprise IT also face threats from new type of security threats. With the adoption of virtualization and cloud new kinds of threats are emerging – they go beyond malware and denial of service to data theft and VM proliferation.
Emergence of BYOD and Mobile Access opens doors to a wide range of security threats. While CIOs make all efforts to make the environment secure, they also need access to actionable security intelligence to respond to potential threats quickly and decisively. Novell’s NetIQ business of Attachmate Group offers Security Management solutions that provide visibility and control of user activities, security events, and critical systems across the organization to help reduce the risk of a data breach and keep your systems compliant.
Novell’s NetIQ portfolio includes NetIQ Sentinel, a Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM; NetIQ Secure Configuration Manager that helps clients proactively enforce security configuration policy across critical systems in evolving IT environments; and NetIQ Change Guardian that gives them security intelligence they need to rapidly identify and respond to privileged user activities at an individual file level that could signal a security breach or result in compliance gaps.
Rajani Baburajan
