Is a mobile-first strategy in your future?

Companies are scrambling to accommodate the fast-growing number of employees demanding to use their personal devices to access work files for their jobs — regardless of location or time zone.

But as mobility becomes an integral part of business strategy, it also exposes enterprise data to potential new risks.

The mainstreaming of the anytime business culture should be incentive enough for organizations to integrate mobile device security into their overall cybersecurity strategy. That’s where there’s a disconnect.

Organizations have been slow to respond to the shift. A recent survey found that only about 38 percent of companies have deployed dedicated threat defense solutions around mobility. In addition, more than one-third of the security professionals in the same survey offered a bleak assessment, saying that their companies’ mobile devices were not sufficiently protected or secure.

They don’t have a lot of time to sit around. As more employees move beyond the traditional corporate firewall, cybercriminals are targeting mobile devices with phishing attacks or embedding malware into legitimate mobile applications.

Integrating mobility into enterprise defense

Organizations should fashion a security framework that accounts for the changes ushered in by the shift to mobility. But simply bolting mobile capabilities onto existing processes and tools isn’t enough to meet the added security challenges.

Don’t assume that it’s enough to set up an antivirus solution and a firewall. That may have worked in a previous era but mobility has ushered in a very different threat landscape and data protection solutions need to evolve accordingly.

For example, companies must now support a range of usage models — accounting for both corporate-owned and personal mobile devices that employees bring to work. They also need to devise ways to separate work and personal data on their workforce’s mobile devices.

Furthermore, a mobile-first business strategy requires companies to adapt — in some cases, even overhaul — their existing business processes to advance the cause of digital transformation. When it comes to the goal of creating consistent mobile security throughout the stack, the focus should be on protecting data across the different levels of the organization.

That includes equipping IT with features such as centralized access management, role-based permissions, advanced encryption as well as the capability to manage passwords and remote content wiping. It’s also up to IT to create an architecture and a process to create consistent mobile device management and user support policies governing the use of mobile devices inside the organization.

Organizations also need to plan how they will handle provisioning in order to highly secureseparate personal and corporate data on personal devices. If your organization doesn’t have the expertise to pull this together, outside experts can help.

As always, organizations should plan a layered defense with basic security technologies. High on the list includes encryption, mobile application management and mobile device management technologies, threat-intelligence subscription services, information and event management technologies and incident monitoring.

Mobility is an obvious boon to modern digital enterprises, but without due attention to the security implications, your mobility-first plans won’t be worth the paper they’re written on.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.