By: Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies
Securing the mobile workforce is an absolute must, especially for businesses today. With remote working being the new norm, it is important for organisations to be aware of mobile risks and have visibility into the threat space, or risk crippling the organisation when an attack strikes.
With so many offerings in the market, what are the absolutes to look out for when considering a mobile security solution? Check Point shares 5 key principles organisations should consider when selecting a mobile security solution.
1. 360° protection on all attack vectors
Mobile devices have 3 key vectors of attack: the device’s operations system (OS), the applications, and the network. When choosing a suitable solution, be sure to evaluate the solution’s capabilities to cover and secure all 3 vectors.
The solution should be able to:
- Perform real-time risk assessments to detect attacks, vulnerabilities, configuration changes, and advanced rooting and jailbreaking techniques on the OS
- Conduct behavioural cloud-based assessments of each downloaded application to detect and block the download of malicious apps in real-time.
- Prevent credential theft by proactively blocking phishing sites on the network, even those that have never been seen before. They should also block man-in-the-middle attacks and prevent data exfiltration to command control servers by leveraging anti-bot capabilities.
2. Full Visibility of the Risks
Just like a scout on his task for reconnaissance, an optimal mobile security solution should have full visibility into the risk level of the mobile workforce. The solution should be able to provide IT admins with an easy-to-manage cloud-based dashboard with full visibility into any incoming threats. The dashboard should also enable IT teams to configure policies with high granularity, as well as ensure that corporate policies are applied to mobile devices attempting to access corporate data.
3. Flexibility for Easy Integration, Deployment & Management
The next criteria for a good mobile security solution is its flexibility for easy integration, deployment, and management. The different types of devices and operating systems that compromise an organisation’s fleet of mobile devices are many — There are iOS, Android, bring-your-own device, corporate-owned units – and that is just the tip of the iceberg. The mobile security solution that you select must be able to support every device type, operating system, and device-ownership model. As the organisation grows, the chosen solution should also be able to scale together with your business, without adding complexity to security operations.
Furthermore, there’s the issue of whether devices are unmanaged or managed by Mobile Device Management (MDM) or Unified Endpoint Management solutions. As such, the mobile security solution should also be able to seamlessly integrate with all market-leading mobile management solutions, and allow for installation of the mobile security client with just one click.
4. Prioritising User Experience
The mobile device is an integral part of our professional and personal lives. Like how advertisements before a video stream are frustrating, introducing any interruption to the user experience because of something that a security solution is doing is unacceptable.
The optimal solution should not impact the devices’ usability, browsing experience, data consumption or battery life. Another consideration relating to the customer experience is user education. The solutions’ provider should offer users clear knowledge about the risks that their device may be exposed to, and how they can remediate a potential threat. This will significantly reduce the volume of tickets that will come into your help desk.
5. Privacy by Design
Beyond having a mobile security solution that delivers great user experience, employees’ privacy must always be guaranteed. This may be tricky when we have a bring-your-own device mobile, as the lines between the use of the mobile device for work versus personal needs have been blurred. Nevertheless, compromising on the privacy of your employees is not an option.
Your selected mobile security solution must be designed to protect users’ privacy. It can do so by making sure that it only collects device metadata, and the IT admins never see which apps the user has downloaded onto their device nor which websites they are browsing, unless these sites or apps are deemed to be risky or malicious and are posing security threats to corporate assets on the device.
A Remote World Full of Threats
Despite the freedom from remote working, employees should never get too comfortable because our naked eyes are often oblivious to the threats and dangers of the cyber world. For organisations, the cost of losing corporate data can be detrimental, and in the new norm of the remote workforce, getting a secured mobile solution for your business is an essential investment.