Channel Strategies for the CIOThere’s hardly any bigger challenge in IT than protecting against mobile security risks, which presents an opportunity for VARs to offer mobile security services.
A recent study by AVG Technologies and Ponemon Institute found
Requires Free Membership to View
that 66% of respondents store sensitive information on
their phones. The question becomes: just how secure are our mobile devices from loss, theft or
attack?
More on mobile security services
Enterprise mobile device security best practices
Training mobile employees on protecting data and device security
Mobile security risks
One of the most important things you can do is to educate your clients about how phones and tablets are the new desktops, and how that increases their mobile security risks. Step clients through just how bad things can get when a mobile device is lost, stolen or otherwise mishandled or abused. The Privacy Rights Clearinghouse Chronology of Data Breaches has plenty of good examples. Just be careful not to push fear, uncertainty and doubt on them when pitching mobile security services. Approach this topic from the perspective of business risk. That’ll help build your credibility more than anything.
Several issues are creating quantifiable security risks in organizations today: weak or missing passwords, unsecure wireless usage and a lack of device encryption, malware protection and data backups. In addition, the bring your own device phenomenon takes away some of IT’s control over these issues. Mobile computing complexity is growing, and this complexity is the ultimate enemy of security.
Mobile security services opportunities
The opportunity to provide mobile security services is everywhere. For example, you could help with the following:
- conducting initial security assessments to find and document the risks;
- developing standards to ensure the proper controls are agreed upon and put in place;
- creating policy and procedure documentation to ensure mobile devices are treated like any other business system;
- writing contingency plans for when a security breach occurs;
- designing, implementing and providing support for an existing mobile device management platform;
- implementing and managing ancillary services for mobile devices, such as encryption, antimalware and data backup;
- and conducting ongoing security reviews.
The consumerization of IT and the constant advancements in smartphones and tablets make it hard for IT to keep up and remain in control. Come up with a strategy to help your clients gain the control and visibility needed to minimize mobile security risks over the long haul. You’ll both win in the end.
About the author
Kevin Beaver has worked for himself for over a decade as an information security consultant, expert witness and
professional speaker with Atlanta-based Principle
Logic, LLC. With over 23 years of experience in the industry, Kevin specializes in performing
independent security assessments revolving around information risk management. He has
authored/co-authored 10 books on information security including The
Practical Guide to HIPAA Privacy and Security Compliance and the best-selling
Hacking For Dummies, 3rd edition. In addition, he’s the creator of the Security On
Wheels information security audio books and blog providing security learning for IT professionals
on the go. You can follow him on Twitter @kevinbeaver.
This was first published in March 2012
Join the conversationComment
Share
Comments
Results
Contribute to the conversation