searchsecurity
at the 18 Jun 2013 Gartner Security and Risk Management Summit:
at the 18 Jun 2013 Gartner Security and Risk Management Summit:
- Even though 75% of tablets and laptops are purchased by consumers, many will show up on enterprise networks
- emphasize security in their products and offer certain advantages over Windows, included embedded security features such as encryption and remote wipe.
- locked-down app store model employed by iOS, which essentially utilizes a whitelisting-style system to allow in apps deemed secure and keep out apps that might be malicious or otherwise unsafe
- Android application security has improved over time, thanks to Google's increased monitoring of its official app store
- application security vendors, including Veracode Inc. and Appthority Inc., are advancing application security further by classifying mobile apps by category -- such as business, education, entertainment, finance and gaming -- making it easier for an enterprise to allow or block use of certain types of mobile apps based on its mobile device security policy.
- Android and iOS devices also present the unique issue of being able to "sideload" apps via custom ROMs and jailbreaking, he said. Such techniques will affect the ability of enterprises to enforce application control, which could negate the benefits of curated app stores, both those offered by Apple and Google as well as enterprise app stores
- enterprises often can't restrict mobile browsing as they can with desktop browsing. As a result, he said, enterprises should define acceptable use policies for mobile devices to protect users from Java, Flash and other exploitations.
- enterprises should consider mobile security similar to how banks and other financial firms approach security: focusing on high-value transactions and understanding that they are unable to protect everything.
- all personally identifiable information should be encrypted. He highlighted secure Web gateways as a starting point for enterprises that need to inspect mobile device traffic to ensure sensitive IP isn't leaking out, and emphasized the importance of extending corporate Internet use policies to mobile devices.
留言
張貼留言