12:26 PM

Compliance In An Age Of Mobility

Regulated companies put compliance efforts in jeopardy unless they address mobility.

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Mobility might be rewriting some of the rules of business today, but some sets of rules it hasn't budged are the ones written by IT regulators. As organizations get their grips on the operational and endpoint security ramifications of persistent and pervasive mobility, they also need to think about how it is changing the way users interact with and store data, and what that means for ongoing compliance efforts.

"Compliance and regulatory rules still apply," said Wayne Wong, managing consultant for Kroll Ontrack's electronically stored information consulting group. "One of the truisms of compliance is that the principles remain the same regardless of the technology. All it is is a tweaking of the technical details of how you do it, but the obligations are the same. I think people think that it's a whole brand-new way of looking at compliance with mobility, but it really isn't. It's exactly the same."

According to some, this is going to require IT departments solidly fixed in an operations-focused mentality to shift paradigms.

"Due to cloud services and the consumerization of IT, corporate data is being housed both inside and outside the enterprise as well as in mobile user devices," said Eric Chiu, president and founder of HyTrust, a cloud compliance company. "With this trend, IT will need to move from being operational in function to being more control and governance-focused."

Getting a handle on governance of mobility practices requires businesses stop the wait-and-see game that has kept many from developing mobile policies until things seemingly settle down. As Mike Weber, managing director of Coalfire Labs, puts it, if your organization is "wishy-washy" about its mobile device policies, now is the time to take a stand.

"The most frequent problem we have seen is a lack of solid company standing on any issue. Without guidance and a documented 'company line' on mobile device usage, a company has no assurance that their staff understands the risks these devices bring, and further has no recourse in the event staff fail to report loss, theft, or suspicious activity," he said. "In the event of a data breach that goes unreported, a company may be faced with substantial fines and penalties depending on the state, industry, and regulation violated. If your organization is 'wishy-washy' on mobile device usage, it's time to pick a position and stick with it."

Read the rest of this article on Dark Reading.

The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 26-29 in Orlando, Fla. Find out more.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.