Discover PerformanceHP Software's community for IT leaders // April 2014
How to make the mobile era more secure
Bloomberg provides a perspective on mobile security. It’s not easy, but rethinking some assumptions will open new paths.
At a time when cybercriminals are growing in sophistication, widespread use of mobile technology has increased the threat landscape considerably, giving adversaries more exploits to choose from. Mobile computing has done much for global business over the past few years, but for security professionals, the rise of mobility is perhaps not ideal.
A series of articles published recently by Bloomberg explores the pressure that security teams are under, and includes proprietary research that gives insight into the current mindset of IT decision makers. Each article takes a different look at the mobile security dilemma, including executives’ low confidence in the efficacy of their current toolsets and the unnecessary risk exposure that organizations are accepting in the rush to mobilize.
To stay ahead of criminals, enterprise security leaders have learned that they must up their game by becoming more strategic in their thinking. This means taking a very hard look at the people, processes, and tools that they rely on, as these constitute the primary levers security teams can pull to continue raising the bar on security without stifling speed and innovation.
The speed/security conundrum
One of the quandaries in mobile security involves an escalating tug-of-war between speed and security. Senior business executives and IT decision makers want to position their enterprises to capitalize on the mobility trend by being able to provide their customers and employees with a range of apps that they can quickly deploy in an effort to increase revenue. But this effort can be difficult for already overburdened security teams to support.
Moreover, when speed takes precedence over security, risk exposure increases precipitously. Enterprise mobile applications sit side by side with dozens, if not hundreds, of consumer mobile apps and stored personal information.
Despite the need for careful testing, only 51 percent of businesses test their apps before deployment, and only two in five test them both before and after they are released to customers and employees, according to the HP report. But traditional security testing takes time. And thanks to our need for speed, time is one thing already in short supply. Is there a way to do both?
Ending the tug-of-war
This is where strategic thinking comes in handy. Security can move faster and reduce risk. Greater automation can help the security team test thoroughly and stay ahead of trending exploits without a cost in time.
There are other innovations as well. Outside-the-box thinking in security staffing is leading some organizations to close the speed/security gap by using managed security service providers rather than staffing and training in-house security experts from a too-small labor pool.
Similarly, use of Big Data analytics in security is helping organizations discover anomalies and patterns that lead to earlier detection of data leakage.
Execs under pressure
Every organization is under pressure to deploy mobile apps quickly and adapt more rapidly to changing business requirements. Some will innovate at the expense of security, others will push back against the business side to protect slower security processes. The winners, however, will refocus their security strategy on tools and processes that complement—rather than conflict with—an accelerated pace of mobile deployment.
Read more about the pressures facing many security teams in the three-part series from Bloomberg. To learn more about mobile security challenges and best practices, read the free ebook "Mobile software security done right" (reg. req’d).
Ponemon’s 2014 Cost of Cyber Crime study
Join thousands of IT execs, engineers, and solution experts to explore IT trends, strategies, and best practices. (Barcelona,
HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.
Preparing today for tomorrow’s threats.
Introduction to Enterprise 20/20
What will a successful enterprise look like in the future?
Challenges and opportunities for the CIO of the future.
Dev Center 20/20
How will we organize development centers for the apps that will power our enterprises?
Welcome to a new reality of split-second decisions and marketing by the numbers.
IT Operations 20/20
How can you achieve the data center of the future?
What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.
Looking toward the era when everyone — and everything — is connected.
Data Center 20/20
The innovation and revenue engine of the enterprise.