How to Protect Data and Endpoints in the Mobile-Cloud Era
Industry analysts predict deep penetration of enterprise mobility by the year 2020
Mobility and cloud computing are rapidly becoming the norm for enterprises around the world. In turn, enterprise IT departments are facing new management and security challenges as the amount of business data soars and the number of endpoints explodes.
Rise of Enterprise Mobility
Industry analysts predict deep penetration of enterprise mobility by the year 2020. This is certainly true in Singapore, where 82 per cent of employees view flexible work options as a core part of their value proposition. Coupled with a mobile phone penetration rate of almost 150 percent in 2017, this further showcases the need for enterprises to manage numerous endpoints and deal with the explosion of data.
The economic perspective is just as promising. The global enterprise mobility market will be worth as much as $140 billion, predicts the National Association of Software and Services Companies. In Singapore, telecommunications service providers are offering businesses suites of enterprise mobility solutions designed to enhance employee productivity through evolving communications technologies.
Cloud is Here to Stay
The opportunities for Singapore to be a cloud hub for Asia-Pacific are limitless. Two major government initiatives, the creation of the Cyber Security Agency (CSA) and the Smart Nation Programme, demonstrate the country's commitment to cloud.
Singapore's Smart Nation Programme itself will rely on a cloud ecosystem to be successful. The initiative underscores how the cloud is supporting business as well as communities. The government of Singapore has acknowledged the role of the cloud in its future and is supporting its growth.
The flip side of increasing enterprise mobility and cloud usage is the increasing risk to enterprise security. Today, most users have at least two endpoints – a laptop and mobile device – and 80 per cent of network devices are the endpoints that are constantly connected to the Internet and exposed to its threats such as Meltdown, Spectre, Wannacry, and Petya.
More troubling, the typical end-user has little knowledge of those threats or their ramifications. The result is more users are more likely to leak enterprise data by using compromised websites and rogue online services. The Common Vulnerabilities and Exposures (CVE) listed 14,712 cybersecurity vulnerabilities for 2017 and has already listed 2,848 for the first two months of 2018. In response, vendors large and small are releasing patches on a daily basis. Enterprise IT teams clearly need to focus on endpoint security management to ensure business success in the mobile-cloud era.
Endpoint Security Challenges
Keeping endpoints up to date with the latest versions of their operating systems and applications has become a full-time job, one that is getting harder to perform in the mobile enterprise. A growing challenge is the diversity of endpoint operating systems that must be managed, including Android, iOS, MacOS, Windows, Linux, and Chrome OS.
For each, the IT team must learn that operating system along with its corresponding patching technique. Likewise, applications acquired from the various app stores are managed with different techniques that must be learned and mastered so that the team can secure the endpoints.
Another challenge is managing the endpoints from Day one, especially mobile devices. While it's been relatively easy for IT admins to install agent software on desktops and laptops, smartphones and other mobile devices make life harder for the admins because the devices are rarely if ever connected to the corporate network.
Consequently, devices must be provisioned with the necessary mobile device management software before they are given to end-users. Devices that are not appropriately managed are security risks, so no business application should be installed or run on them.
Related to the Day one management challenge is updating endpoints that are on the go, anytime and anywhere. IT teams must be able to install critical patches while employees are travelling, commuting, or otherwise offsite.
Data leakage presents yet another security challenge for IT teams to overcome. Data leakage can happen with or without the knowledge of users. For instance, users may knowingly copy business data to a USB device or upload it to a cloud storage service.
They may also unknowingly expose that data to a public cloud service when using third-party apps such as document viewers and predictive keyboard apps. Such apps may compromise user IDs and passwords, account numbers, and other sensitive enterprise data by exposing it to public cloud services.
When a user's device is lost or stolen, the IT team must be able to track and recover the device or wipe the data if the device isn't recovered. To maintain the user's privacy, however, the IT team cannot continuously track the location of the user's device.
Bring Your Own Device (BYOD)
BYOD presents another privacy versus security challenge: When users use their own devices for business purposes, privacy needs to be maintained. Photos, contacts, and other personal data should not be managed by a company's mobile device management app.
On the other hand, security needs to be maintained, too. To that end, the IT team should create a container on the user's personal device – a secure, managed area that isolates business email, CRM, and other enterprise apps and data from the rest of the user's personal apps/data.
To establish strong endpoint security and prevent unwanted attacks, IT teams must apply strict security policies on their endpoints. Laptops, for instance, should always run a firewall, prevent the creation of unwanted network shares, and encrypt data via BitLocker or FileVault. Such security policies can protect enterprises from the security risks posed by mobility.
Predicting the Development of Data and Endpoint Management
Going forward, machine learning and AI will help make data and endpoint management a proactive, rather than a reactive process. For instance, these technologies could prevent data theft by detecting anomalies such as unusual login activities or an unusually large number of documents being uploaded to the cloud.
They could analyse the root cause of patch deployment failures and suggest fixes. They could also detect system idle times – during lunch hours, for instance – to deploy patches as soon as possible rather than wait until after hours or weekends, which can leave systems unnecessarily vulnerable.
Meanwhile, the Internet of things (IoT) will introduce many organizations to a new breed of endpoints and connected devices. Unlike their iOS and Android-powered predecessors, IoT devices will be running many different operating systems and applications, all of which may be vulnerable yet must be managed and secured.
Finally, most business applications are moving to the cloud and accessed via browser, effectively making the browser an endpoint. That means to defend against attacks, IT teams need to manage browsers and perform all security operations for them just as if they were desktops, laptops or any other device.
As organizations in Singapore continue to adopt mobility and the cloud, they must also adopt the practices necessary to support this new reality. Data and endpoint security and management are priority one in IT departments. For the vast majority of companies around the world, their future success depends on recognizing and committing to that priority.