Risk
3/23/2012
12:26 PM
50%
50%

Compliance In An Age Of Mobility

Regulated companies put compliance efforts in jeopardy unless they address mobility.

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Mobility might be rewriting some of the rules of business today, but some sets of rules it hasn't budged are the ones written by IT regulators. As organizations get their grips on the operational and endpoint security ramifications of persistent and pervasive mobility, they also need to think about how it is changing the way users interact with and store data, and what that means for ongoing compliance efforts.

"Compliance and regulatory rules still apply," said Wayne Wong, managing consultant for Kroll Ontrack's electronically stored information consulting group. "One of the truisms of compliance is that the principles remain the same regardless of the technology. All it is is a tweaking of the technical details of how you do it, but the obligations are the same. I think people think that it's a whole brand-new way of looking at compliance with mobility, but it really isn't. It's exactly the same."

According to some, this is going to require IT departments solidly fixed in an operations-focused mentality to shift paradigms.

"Due to cloud services and the consumerization of IT, corporate data is being housed both inside and outside the enterprise as well as in mobile user devices," said Eric Chiu, president and founder of HyTrust, a cloud compliance company. "With this trend, IT will need to move from being operational in function to being more control and governance-focused."

Getting a handle on governance of mobility practices requires businesses stop the wait-and-see game that has kept many from developing mobile policies until things seemingly settle down. As Mike Weber, managing director of Coalfire Labs, puts it, if your organization is "wishy-washy" about its mobile device policies, now is the time to take a stand.

"The most frequent problem we have seen is a lack of solid company standing on any issue. Without guidance and a documented 'company line' on mobile device usage, a company has no assurance that their staff understands the risks these devices bring, and further has no recourse in the event staff fail to report loss, theft, or suspicious activity," he said. "In the event of a data breach that goes unreported, a company may be faced with substantial fines and penalties depending on the state, industry, and regulation violated. If your organization is 'wishy-washy' on mobile device usage, it's time to pick a position and stick with it."

Read the rest of this article on Dark Reading.

The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 26-29 in Orlando, Fla. Find out more.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.