Regulated companies put compliance efforts in jeopardy unless they address mobility.
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Mobility might be rewriting some of the rules of business today, but some sets of rules it hasn't budged are the ones written by IT regulators. As organizations get their grips on the operational and endpoint security ramifications of persistent and pervasive mobility, they also need to think about how it is changing the way users interact with and store data, and what that means for ongoing compliance efforts.
"Compliance and regulatory rules still apply," said Wayne Wong, managing consultant for Kroll Ontrack's electronically stored information consulting group. "One of the truisms of compliance is that the principles remain the same regardless of the technology. All it is is a tweaking of the technical details of how you do it, but the obligations are the same. I think people think that it's a whole brand-new way of looking at compliance with mobility, but it really isn't. It's exactly the same."
According to some, this is going to require IT departments solidly fixed in an operations-focused mentality to shift paradigms.
"Due to cloud services and the consumerization of IT, corporate data is being housed both inside and outside the enterprise as well as in mobile user devices," said Eric Chiu, president and founder of HyTrust, a cloud compliance company. "With this trend, IT will need to move from being operational in function to being more control and governance-focused."
Getting a handle on governance of mobility practices requires businesses stop the wait-and-see game that has kept many from developing mobile policies until things seemingly settle down. As Mike Weber, managing director of Coalfire Labs, puts it, if your organization is "wishy-washy" about its mobile device policies, now is the time to take a stand.
"The most frequent problem we have seen is a lack of solid company standing on any issue. Without guidance and a documented 'company line' on mobile device usage, a company has no assurance that their staff understands the risks these devices bring, and further has no recourse in the event staff fail to report loss, theft, or suspicious activity," he said. "In the event of a data breach that goes unreported, a company may be faced with substantial fines and penalties depending on the state, industry, and regulation violated. If your organization is 'wishy-washy' on mobile device usage, it's time to pick a position and stick with it."
The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 26-29 in Orlando, Fla. Find out more.
Published: 2015-10-15 The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...
Published: 2015-10-15 Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
Published: 2015-10-15 Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.