Mobile Security – The Ultimate Challenge


I’m creating this blog item to celebrate the creation of a global Capgemini security capability from the many national and regional security-related strands scattered around the company.  I’m going to cover mobile security, which is one of the focus areas of our new capability.

Mobile security is the response to a tangled bundle of trends, driven by business and user needs, all of which make things more difficult (well, more complicated) for security professionals.  Here are some examples:

  • Physical mobility – users don’t want to work just in an office; they want to be able to work anywhere.  Because there’s more risk that users aren’t in a secure location, they need to be more aware of their surroundings.
  • Mobility of access device – users want to be able to use a wide variety of different access devices, including their own.  This is also called ‘bring your own device’ (BYOD).  There are also more complicated scenarios like consultancies wanting to attach their access devices to client networks.  These raise issues of how an organisation can evaluate the security capabilities of all these devices without controlling them, and how they can control access to their data once it has left the perimeter they control.
  • Mobility of service hosting – cloud computing, in other words.  Organisations want to use services on infrastructures they don’t control themselves.  How can they be sure they can trust these infrastructures, and how can they integrate and orchestrate them together securely?
  • Organisational mobility – the ability for users to move quickly between and within organisations.  More generally, access policies will need to cope with complex multi-stage contractual relationships with staff (for instance, someone may work for an employment agency which hires him to a consultancy which hires him to an end client).  Organisations must be able to provision (and, most importantly, de-provision) staff quickly and conveniently as all these relationships change.

Taken together, these involve turning an organisation ‘inside-out’: instead of being a physical establishment that happens to own some contractual relationships, it becomes a set of contracts that happens to own some physical locations. 

That’s why I describe mobility as the ultimate challenge for security.  It affects everything the security organisation does, from user awareness to access device management to cloud computing to policy development to identity management and provisioning.
