Secure your business

Security on the move: Keeping mobile businesses safe

The absence of mobile and shadow IT policy may be stifling your business productivity. Telstra’s Hugh Stodart looks at the security challenges.

Security on the move: Keeping mobile businesses safe

There’s no doubt that strategic use of mobile technology has made organisations more productive. However, in many cases the adoption of new technologies and way of working have also changed, and in some cases increased, the level of cyber threats businesses face.

IN:SIGHT spoke with Telstra’s Product Portfolio Manager Hugh Stodart about the practical measures business leaders can take to keep their information secure without compromising productivity.

The traditional ‘perimeter’ security model is broken down by demand for increased end-user mobility and greater flexibility in the way applications are managed and used, including cloud adoption.

Stodart says the threat landscape is rapidly broadening and the new ‘mobile business’ needs to address the security implications of these trends.

“The security measures required for protecting your data are conceptually the same,” Stodart says. “Elements such as access control, monitoring use and policy compliance are still relevant, but in many cases new tools are required to give your organisation visibility and control over mobile devices and cloud applications.”

Stodart says Telstra’s 5 Knows of Cyber Security framework is a good starting point for business leaders to address risk.

“Know where your data is and how important that data is not only for you, but for potential malicious parties who may seek to have access to that data,” he says. “It is also critical that you know how well that data is protected and who is protecting it. What kinds of solutions do you use to protect your most valuable data?’

Mobile businesses also face the challenge of mobile device use without prudent security policies in place and the adoption of ‘shadow IT’ driven by easy access to Cloud services, also without well-defined or established policies.

To create a more secure work environment, Stodart recommends a number of device policy guidelines, starting with a bring your own device (BYOD) acceptable use policy that also covers employees who leave an organisation but take their mobile device with them.

“Ensure you have end-point protection on all devices within your organisation including mobiles, tablets, laptops, PCs and server infrastructure,” Stodart says. He also recommends adding remote policy device management using technologies such as mobile device management (MDM), mobile application management (MAM), or mobile content management (MCM) to keep business data separate from personal data.

Other tactical measures on Stodart’s security checklist include encryption of corporate data when it is stored on a device and when it is being accessed, and ensuring the use of VPN encryption for connectivity back to the corporate network.

“Regularly update devices with the latest operating systems and patches and never allow ‘jailbroken’ devices, or devices which have had default user access privileges overcome, onto your network,” he says. “Use strong passwords on devices and, where possible, use two-factor authentication for access to sensitive applications or data.”

“Get ahead of the curve by providing access to a broad range of approved Cloud-based apps, giving employees the freedom to select what best meets their needs.”
Hugh Stodart, Security Product Portfolio Manager

Shadow IT requires a measured approach

With so many options for on-demand IT services delivered from the cloud, end users often adopt applications that are not sanctioned by the CIO or other business leaders. This ‘shadow IT’ trend must be managed to avoid security issues.

To control shadow IT, Stodart says organisations need to have a clear position and process for procuring cloud applications in their corporate acceptable use policies.

“Implement tools to provide real-time auditing of the use of unauthorised cloud applications and potential shadow IT data exposures,” he says.

Stodart does not, however, recommend simply blocking popular SaaS applications outright. “Employees are usually simply trying to get their jobs done. Work with employees to understand their requirements and agree on a suitable application fit for purpose that allows you to monitor and block sensitive data leaving the organisation,” he says.

“Get ahead of the curve by providing access to a broad range of approved cloud-based apps that give employees the freedom to select what best meets their needs.”

The mobile business of 2016 faces numerous security challenges. However, with prudent planning and oversight, the benefits in productivity will continue to materialise.

The traditional perimeter security model is being broken down by demand for increased end-user mobility, requiring increased focus on:
  • BYOD equipment
  • End-point protection
  • Shadow IT and non-approved software
  • Access to IT facilities, especially software
Download the report

Find out more about our Telstra Cyber Security Report 2016.

Find Out More

Related News

How to prepare your network for the world of tomorrow
Reach global markets
Reach global markets
How to prepare your network for the world of tomorrow

We investigate the technologies you need to prepare your global network for a disruptive decade. We’re on the cusp of a global data explosion. In its Essential Guide to Network...

2018's top technology trends
Create transformative innovation
Create transformative innovation
2018's top technology trends

From the introduction of 5G and GDPR to the mainstream embrace of multi-cloud environments, we take a look at 2018’s biggest technology trends. 1.     Building Australia’s firs...

Next-gen collaboration: How to work with AI
Liberate your workforce
Liberate your workforce
Next-gen collaboration: How to work with AI

We take a look at how Australian businesses are using AI as the next step on their digital transformation journeys to enhance collaboration and productivity. Australian busines...

VicRoads Camera
Optimise your IT
Optimise your IT
VicRoads digital transformation in the cloud and beyond

How VicRoads managed its cloud migration, improving data compliance and streamlining its digital operations. Last year, VicRoads embarked on an ambitious project to revolution...