Commissum

Mobile Device Testing & Security


Issues

Mobile devices are more and more compact and powerful, and we are becoming dependent upon them in both our personal and business lives.

In the business world they have revolutionised working practice. We carry our information with us and expect to be connected everywhere. However the attributes of compactness, functionality, mobility and the fusion of technology bring risk with the benefits:

  1. Data Storage and Portability - their huge storage capacities and compact size allows many Gigabytes of data to be moved in readily concealable devices
  2. Short Support Lifecycles - mobile devices designed for consumer markets often have very short support lifecycles increasing the risk of unsupported and unpatchable devices being used
  3. Theft & Loss - the value and compactness of laptops and mobile phones means they are easily lost and attractive to thieves – many highly publicised incidents involving loss of sensitive data testify to this
  4. Mobile Working & Remote Connectivity - the main driver for the use of mobile devices, but remotely connecting to corporate networks while mobile extends the network beyond readily protected boundaries – the use of wireless technology extends this further still; also, working on the move entails the risk of eavesdropping on conversations or sight of information on devices
  5. Mobile Malware - this is an increasing threat as smartphone take-up increases - the use of mobile devices such as smart phones introduces another variant of operating system into an organisation that is potentially vulnerable to malicious software and other attacks as a vector into corporate systems
  6. Resource Challenges - as a relatively new technology they are creating resource challenges for organisations who do not have appropriately knowledgeable staff to adequately manage the additional technology and associated security controls
  7. BYOD (Bring Your Own Device) - many organisations are looking to combine mobile devices with BYOD, increasing the risk that an unpatched device might be used to access corporate data
  8. Technology Variability - the variety and choice, while a good thing from some perspectives, requires care in selection to match up device capability with planned technology and policy implementation – BYOD environments naturally make this more difficult
  9. Jailbreaking or ‘rooting’ - these are common practices on mobile devices, particularly when devices are owned by employees wanting to maximise flexibility of use; in a business environment this can reduce the level of control that can be exerted over these devices and increase their susceptibility to attack
  10. Commonality & Complacency - the fact that devices are commonplace both in employees’ personal lives and in the work place means there is a tendency to be complacent about their use; this is particularly the case with BYOD environments where the personal/work boundary can become very blurred

Commissum understands the business needs associated with mobile working, and with our expertise in security and risk management we can help you mitigate the risk while reaping the benefits with our pragmatic approach.

Our Approach

Commissum always adopts an independent perspective whether advising on designs and technologies, or assessing the security of existing solutions. Our experienced consultants will provide expert advice and recommendations based on your business context and a totally objective standpoint.

  • Business case development, addressing the balance between embracing the benefits and mitigating the risk
  • Developing solution concepts for clients with recommendations on management and technologies
  • Assessing planned or implemented solutions and advising on improvements for secure working
  • Recommendations for security architecture or specific technologies and policies embracing both corporate owned devices and BYOD environments
  • Project security oversight
  • Testing and audit of existing solutions or devices

As well as assessing overall solutions and architectures, we can also provide assurance down to the individual device level – supply our team with a device and we can advise on the level of risk you face in a theft or loss scenario. This not only addresses the protection of data on the device, but also use of this data to access corporate networks and information. Our recommendations will be specifically tailored to your business context and be pragmatic in terms of the usability of technology balanced with mitigating risk.

Customer Benefits

We provide expert, objective independent advice that can be relied upon by the client. This means:

  • The advice is vendor/technology agnostic – we will not be trying to sell a solution to you; we will be recommending what best fits your business context and risk profile
  • The recommendations are based upon sound knowledge in the field; both from a technology and industry best practice perspective – you can be confident that your security is central to the advice you receive and embraces knowledge of security best practice
  • the approach is pragmatic and tailored to your business context, risk appetite and operational needs – you need us to understand that you have legacy systems, limited budgets and need to balance usability with keeping your assets secure; this is where we excel and add considerable value

Commissum will ensure that you are able to confidently embrace the business benefits of the array of mobile devices available today, without unnecessarily exposing corporate assets and increasing your risk profile.

Get in touch to see how we can help secure your extended company network and mobile devices.