MDM – Must Do More
Mobile Devices – be those iOS, Android or apparently, even the odd Microsoft Surface, are on the ascendancy in in offices everywhere – from builder’s merchants to banks and everywhere in-between. They’re undeniably fantastic tools for not only consuming business content, but also provide exciting new ways for businesses to operate. They won’t be going away any time soon.
That sleek brushed aluminium can quickly become less appealing when you start considering how to give the things secure access to that corporate data they need to actually be productive tools and not just shiny distractions.
Take a step back and look at just a few of the issues; a relatively immature and diversely fragmented mobile ecosystem with near enough six-monthly Operating System overhauls, the fact that most mobile devices are personally rather than corporately owned, and then there’s the helpful, always-on, 3G connection that’s largely outside corporate purview. It’s enough to make you want to give up on the idea and just go back to another round of Flappy Bird or Sevens.
For those organisations that have taken a more progressive approach than burying their heads in the sand over mobile and/or BYOD devices, a typical first line of defence will be a Mobile Device Management (MDM) product. That will give you some way to enforce device encryption, password policies and perhaps provide secure corporate applications through a containerised approach. These products do work and are no doubt helpful, but conflating a point MDM solution with a thorough Mobile Security Strategy is a dangerous mistake to make.
MDM shouldn’t be your first and only line of defence. For a start, it’s far from perfect – practical attacks against MDM are possible – just look at Lacoon Security’s presentation from last year’s BlackHat conference for a few examples. Installing root access or applications that can’t be detected remains fairly straightforward, again not helped by the fragmentation of mobile operating systems providing such a wide attack surface.
The state of the Android App Store in particular is pretty awful from a security point of view – there are by all accounts around 42,000 malicious apps listed at present. What limited signature based AV exists for mobile devices will always be playing catch-up in just the same way as it does on traditional desktops.
With this in mind, surely it can only be a matter of time before a fully-fledged mobile APT specifically targeting corporate data is discovered (our prediction – it will target executives with invitations to be Beta Testers for a new version of Candy Crush Saga).
Given that MDM and Mobile Endpoint protection both have some way to go in terms of maturity, the importance of a fundamentally sound network security posture becomes even more relevant when you start welcoming mobile devices into your organisation.
In practical terms, you need to be confident that the suspicious network behaviour of a compromised mobile device can be noticed in real time, even if the actual application causing that behaviour can’t. Both understanding normal behaviour of your network, and having sufficient visibility to spot anomalies in real time are key. Alerting on abnormal network traffic profiles and suspicious patterns in application logs in particular hold significant value, but can be hard to implement.
In short, it’s hard to see that a mobility strategy can ever exist without an existing and mature information security strategy to build upon.
If you want to welcome mobile devices onto your network but need honest advice about whether you’re in a position to do that securely, ITC are happy to help.
Our tried and tested ‘five-steps’ model is an easy to understand approach to network security, and will deliver additional assurance to organisations beyond what just a point MDM solution can deliver. With centralised logging, asset modelling, and regular vulnerability scanning all feeding information into an intelligent, correlation based SIEM platform, we can alert on suspicious behaviour in real time regardless of what device the threat is originating from.
Contact us on 020 7517 3900 or email firstname.lastname@example.org if you’re interested and we’ll gladly discuss your needs in more detail.