So today saw the launch of Juniper Networks’ Trusted Mobility Index research and findings. We held an exclusive breakfast meeting with selected journalists to hear the findings of this research in London this morning.
Penny Still introduced the session and set the scene and agenda. She highlighted that the research combined theories and best practices about Trusted Mobility and gave a short summary on how the research was conducted with over 4,000 respondents interviewed in US, UK, Germany, Japan and China.
Today’s speakers at the event included;
• Nushin Hernandez, Analyst, IT Security Analysis and Mobile Security Analysis Services, Canalys
• Paul Gainham, Senior Director, Marketing, EMEA, Juniper Networks
• John Smith, ICT Network Manager, Settle College
• Oliver Crofton, Ethical Hacker, Vigilante Bespoke
Analyst Reflections on Mobile Device Strategies
First up was Nushin Hernandez, she presented the strategies which IT Directors and Managers should look at when considering implementing Bring Your Own Device (BYOD). She stated that mobile devices pose a serious threat to organisations and this challenge is growing in the mobile workplace, which is further amplified with the continued rise in data consumption and the use of multiple internet connected devices.
Canalys estimates that the there will be a considerable growth in mobile device ownership, between 2011 and 2015 there will
be a compound increase in growth of 43%. This poses great security implications with accessing the corporate network. Highlighting a need to create a device policy, without this organisations risk losing control of the network.
Canalys recommends the following mobile device strategy;
1. Implement user profiling including privileges and access rights.
2. Device liabilities – identify what devices are accessing the network? Implement robust mobile security.
3. Locations visibility – where are people accessing the network? Campus, Branch, Home or Public. Here you need robust network security solution.
4. Application awareness – what type of applications is trusted? Implement security management and signatures.
Nushin closed with stating that you need to think holistically when allowing mobile devices to access the network. So, make sure you are aware of what mobile devices are accessing the network, implement security management and look at your network security. Finally, don’t forget to educate users!
Drilling Down into the Trusted Mobility Index Research
Paul Gainham shared his analysis from the Trusted Mobility Index. Saying that there are plenty of reports out there on threats, but this report differs as it focuses on finding out people’s perceptions, their security challenges and users taking security seriously.
The reality is that people are using devices in multiple ways to access corporate networks, but there are organisations in denial that this is actually happening. Thus, presenting the trust gap issue between users and IT departments.
There are excellent security measures for the traditional network, but not many organisations are truly implementing a strong secure mobile solution. Paul commented that the new security perimeter is wherever the data is and that could be on a smartphone, a laptop a tablet or in a cloud data centre. As professionals we need to look at security in a holistic manner, by thinking about the mobile device as another computer with data, this is key to securing the network.
From the Trusted Mobility Index Paul shared that no one has just one device nowadays with many people owning three to five internet connected devices. This can create a security nightmare and a complex challenge for IT departments, which can’t be ignored. IT departments need a clear policy and decide on “access” or “no access”.
But to have no policy in place and grow organically leads along a risky security breach pathway.
76% of respondents in the UK said that they accessed sensitive corporate data from their mobile devices. People feel empowered with being able to access corporate data with their personal device.
Another interesting fact was that 65% of UK IT managers think people aren’t using their devices to access the corporate network – don’t bury your head in the sand and think this is going to go away; it is only going to grow. So, don’t get left behind.
20% of respondents surveyed in the UK were confident in their device security. It seems that people still see smartphones as a phone rather than a computer.
Paul continued to talk about the risks posed with BYOD mainly; personal data and corporate network access breaches. The lines between personal and business life are blurring, hence the rise in popularity of BYOD. People are using their own devices on the network now - ignore at your peril.
He also stated that mobile computing needs to move quickly to the same standards as desktop computing, but don’t ignore securing laptops, you need a connected solution.
Paul concluded that confidence comes from education and knowledge, both of which close the trust gap. We need to trust network security, device security and reliability.
Students Bring Your Own Device at Settle College
John Smith, ICT Network Manager, Settle College has a wealth of experience with BYOD; he’s implemented BYOD in the college he works for. All students wishing to use their own mobile devices on the college network must first register and agree to the BYOD policy. They are then allowed access to the secure environment in order to interact with the virtual learning platform and access the managed wireless network.
Obviously implementing BYOD in a college, which teaches 11 to 18 year olds, presents a great degree of trust from the teachers’ point of view. Students previously were not allowed access to mobile devices and tablets within the classroom prior to BYOD, but now they can use these devices to research and help compliment their studies. The biggest advantage for teachers is that they don’t need to book a computer room and the plus side for the IT department is less devices need to be purchased thus draining valuable education funds. BYOD enables anytime, anywhere learning!
Settle College has embraced technology and BYOD, as students want to use their own devices in the learning environment. Feedback from students is good – they feel like they are treated like adults before going to university. The students are very good at peer support, this has been key to making BYOD work in Settle College.
Last up to speak was Oliver Crofton, an Ethical Hacker – he said that BYOD now makes it so much easier for hackers to get into networks.
He showed a couple of journalists how easy it was to send spoof text messages and start stalking someone on Facebook and collect mobile numbers – which is very scary stuff.
Oliver shared some of his experiences of identifying bugs and spyware that have landed on some of his clients’ mobile devices when accessing fake unsecure wireless networks. The rogue software tracks the entire mobile device’s activity. So, do be careful when accessing unknown unsecure wireless networks.
He continued to state that there is a challenge within organisations managing approved devices, it just takes one person to get something new and have approval to access the network, then everyone wants the same and if you don’t have a BYOD policy in place this can quickly escalate.
Oliver also mentioned that there is an increasing trend of C-level executives and non-executive directors being targeted by hackers. These people are being targeted in their homes and via their mobile devices.
Mobile devices make it easy for hackers to access a network, and remember that no mobile device is 100% secure. It is important to understand the vulnerability in the network and fix this.
Oliver then closed his slot with saying that BYOD boils down to education – BYOD is definitely the future; we must embrace this new concept and educate users on the threats associated with using an unsecure device to access sensitive data.
In conclusion, the common theme from today’s Trusted Mobility Index session was EDUCATION; people need to know the threats and risks of BYOD and mobile devices. If you’re not secure, you could become a victim of a hacker.
Does this resonate with you? Do you have a mobile security policy in place? What challenges are you facing with mobile security? Pop your comments below, thanks.