We’ve assembled this most recent Mobile Survival Guide, which includes links to some of our most important and informative mobile security articles Security risks and data breaches are growing while the form factors of computing devices shrink—because much enterprise data today is created and consumed on mobile devices. This clearly explains why mobile security persistently tops the list of most pressing enterprise security concerns.Currently, most of the mobile security in place is in the form of Mobile Devices Management (MDM) tools that provide such capabilities as device asset management, secure browsing, application whitelisting, data loss prevention, mobile VPN, app-level VPN and many more. While most CISOs, CIOs, and security analysts I’ve spoken to conclude that while MDM isn’t an adequate mobile security answer, it’s currently an important part of the mobile defense toolkit, especially in larger enterprises. And, as is often the case with enterprise data security, there are never any easy answers.Fortunately, the shift to mobile doesn’t mean a shift in mindset for security professionals. In fact, the shift to mobile doesn’t change much of anything at a high level when protecting data and applications. In actuality, all of the same security practices are needed on mobile devices as they always have been on notebooks and desktops and any other computing form factor: user authentication and authorization, encryption, enforcing security policies, and everything else that comes with keeping data secure.To help you keep your enterprise mobile app access and data secure, we’ve assembled this most recent Mobile Survival Guide, which includes links to some of our most important and informative mobile security articles, as well as five of the core mobile security tenets you should keep in mind when securing enterprise mobile devices. First: Give users access to devices that can be secured and securely managed. Look for smartphones and tablets that come with inherent security controls. This includes the ability to find misplaced or stolen phones, cleanse data off the devices, and support the device configurations to a steady standard. Take a good look at how you can secure Android, Apple, BlackBerry, Microsoft, and other mobile platforms within your organization. Second: Focus more on securing data and apps than securing devices.Look for ways to secure data and access to specific apps rather than on protecting the devices themselves. The applications and the devices can be restored and replaced. However, the breaching of data can’t be undone. Look for ways to manage mobile data, remotely wipe them, and compartmentalize them from the user’s personal data. And, just as you would on desktops and notebooks, look for ways to protect data from accidental leakage.Third: Look for ways to segment user apps and data from enterprise apps and data.One increasingly common way to do this today is to segment the enterprise portion of mobile devices from personal apps and data. Because data can be created and stored nearly anywhere on a mobile device, data classification is near impossible. If apps and data are segmented, enterprise data can be wiped without destroying personal data, and if users fall for a phishing attempt or go to unsecured websites on their personal device segment, enterprise data aren’t placed in direct and great risk. The enterprise portion of the device can be fully managed.Fourth: Keep security engaged early and often.As the enterprise decides what apps, data, and devices will be used within the enterprise, security needs to have a say in the decision making. New apps need to be designed and built securely. Different rules need to be established for different users, with some groups requiring tighter security and others less so. Fifth: Watch those cloud apps.When business units and users want to use a new cloud-based app, platform, or other service, it needs to be assessed for potential risks. Users want to use a new cloud service for the enterprise portion of their devices, but those services should be properly vetted to make certain that they meet the security levels necessary.None of this is simple or straightforward. New mobile devices with more powerful features, more storage, and greater capabilities are hitting the market every week—and workers are going to want to use them to do their job. With that in mind, we’ve assembled a number of the best articles we’ve written on mobile security.The Threats The threats against mobile devices are growing steadily. Just last week, criminals were uncovered conducting highly-targeted attacks against specific iPhone and Android users. Malware is getting better and attackers are targeting mobile more because that’s where the data reside. Here’s an overview of the types of mobile threats enterprises face:SLIDESHOW: Top 6 threats to iOS devicesGiven the recent iOS update and iPhone announcement, Lacoon Mobile Security has released the top threats to your iOS devices that you should be aware of. Android browser flaw found to leak dataThe vulnerability enables a hacker to run JavaScript from a website to steal data from web pages open in other browser tabsRogue cell towers discovered in Washington, DCToward the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that its engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the US.The biggest iPhone security risk could be connecting one to a computerDesign quirks allow malware to be installed on iOS devices and cookies to be plucked from Facebook and Gmail apps HOW TO PROTECT MOBILE DATAThere are more data floating around on more devices than ever—and there’s no putting the genie back in the data center. Here’s how to protect that data:When you travel, a whole fleet of electronics comes with you. Smartphone and laptop are a given, but there’s a good chance you’re also toting a tablet, and maybe a cellular hotspot or dedicated GPS.How to secure Apple and Android mobile devices using 802.1XWhen connecting to an enterprise-secured network with Android devices, users are prompted with many settings that could be confusing. When connecting with iOS devices—an iPad, iPhone, or iPod Touch—users typically are only prompted for their username and password. They can’t edit the advanced 802.1X settings on the device, but there are ways to get around this.Why are legislators considering going to Congress for access to our cell phones? What has changed recently to motivate these demands for legislative changes? Is a remote-wipe policy a crude approach to BYOD security?While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security.Researchers build security framework for AndroidMDM: Part of the mobile security solution?Mobile device management (MDM) helps bring a level of security to employee devices—but it’s not the whole answer.5 ways to prevent data loss in mobile environmentsConfidential company data can make their way onto mobile devices, where they’re no longer under the protection of your toughest network defenses. Does that make your data vulnerable? To find out, review some strategies for preventing data loss on mobile devices.Building Sustainable Mobile Security PolicyThe key to securing mobile devices and data is having good policy consistently enforced through technology:How to create seamless mobile security for employeeFrustrated employees will figure out how to get around disruptive and clunky security procedures. Here’s how three organizations created secure and seamless mobile experiences for end users.7 enterprise mobile security best practicesThese seven tips will help you secure your mobile environment without placing a burden on your workforce.The tricky balancing act of mobile securityYour workers’ smartphones could be the weakest link in your security plan. Here’s how to protect the devices and secure the data.Five things to consider for a mobile security policyMobile is the new endpoint in IT. But organizations are still struggling with mobile security. Aaron Rhodes of Neohapsis lists five steps to take when developing a corporate mobile security policy. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe