Is mobile the new squirrel?

Perhaps you’ve seen the Disney film, Up, and you remember Dug the talking dog. Despite his ability to speak, Dug often became distracted at the sight of a squirrel. In the same way, security professionals are often distracted by the challenges mobile devices present. 

While the power and capabilities of mobile devices continues to grow you cannot afford to let it distract you from securing the laptops, gateways, and  many other parts of the extended network.

Because there are daily new threats to Android and Apple, said Dave Barton, CISO, Forcepoint, “Security practitioners are always working through that mobile risk model in their heads. How do we protect end points? Those end points are all different and personally owned and might not be compatible with software we want them to use.”

What to protect and how much to classify is most relevant for mobile or end point or any part of the extended network. “You need tools in place that will block it from moving across the network or being moved off the network,” said Barton. There is no one silver bullet. Strong security requires various data theft protection tools.

Different protection tools can be set to manage and limit access to data, said Barton. “There are tools that you can say, for this type of data don’t allow it to be used for a USB device. Don’t allow it to be printed. Other tools let you segment mobile so that the data is protected,” Barton explained.

Whether your information is on a laptop, iPad or any other mobile or network device, you want to know what you are protecting. “If you have credit card information, that database of credit cards is the first priority,” said Barton.

For healthcare organizations, records are the first priority, especially any information around HIPPA. For other organizations the top priority might be intellectual property. “Whatever the business is, you need something that will interpret the handheld device and evaluate that against your data,” said Barton.

Good security means knowing the business and the data that you are protecting and understanding the tools you need to secure the crown jewels. “In the data theft prevention category, they build their tools so that if they are tampered with things are taken away,” Barton said. Spending money on tools without knowing the abilities they have and how those technologies will work for your business does not create strong security.

“I encourage everybody who practices security to focus on what’s the most important thing. What are you most concerned about protecting? Security practitioners need to focus on what is important to their company,” Barton said. Every security professional should know what a loss of data is going to cost the enterprise. Will they lose market share or will it cause a public uproar?

“Focus on what’s important. If key data is in a single server, that is where you start protecting,” said Barton. “For new folks, it’s tough. They probably haven’t learned a good risk management program,” he continued.

Part of the challenge for security practitioners is getting out to the business and building relationship with the business. “The bottom line is, if the business isn’t there, they don’t need me,” said Barton. “Go find out what makes the company tick. What makes the money.”

Particularly for those who are new, the best first step you can take is to go out into the business and ask a lot of questions that focus on the big picture. Barton said, “As you are able to narrow down, then you can go figure out where they are at and how you can protect them.”

Barton said reading security website resources is another way to learn the industry. “They need to know what kind of cyber security framework should be in place and which tools will help them mature their own personal skill sets quicker which will help them answer that question more effectively.”

Mobile is distracting because it causes security practitioners to rethink how they protect and give end users what they want in a secure fashion. Barton said, “I’m a security practitioner, but I have a passion for what we do as a company. We focus on protecting that data at end point and in transit.”

The mission of every security professional is to protect the data no matter where it sits. As technology continues to evolve in ways we’ve yet to even imagine, keep the focus on securing the data.