There’s hardly any bigger challenge in IT than protecting against mobile security risks, which presents an opportunity...
for VARs to offer mobile security services.
A recent study by AVG Technologies and Ponemon Institute found that 66% of respondents store sensitive information on their phones. The question becomes: just how secure are our mobile devices from loss, theft or attack?
More on mobile security services
Enterprise mobile device security best practices
Training mobile employees on protecting data and device security
Mobile security risks
One of the most important things you can do is to educate your clients about how phones and tablets are the new desktops, and how that increases their mobile security risks. Step clients through just how bad things can get when a mobile device is lost, stolen or otherwise mishandled or abused. The Privacy Rights Clearinghouse Chronology of Data Breaches has plenty of good examples. Just be careful not to push fear, uncertainty and doubt on them when pitching mobile security services. Approach this topic from the perspective of business risk. That’ll help build your credibility more than anything.
Several issues are creating quantifiable security risks in organizations today: weak or missing passwords, unsecure wireless usage and a lack of device encryption, malware protection and data backups. In addition, the bring your own device phenomenon takes away some of IT’s control over these issues. Mobile computing complexity is growing, and this complexity is the ultimate enemy of security.
Mobile security services opportunities
The opportunity to provide mobile security services is everywhere. For example, you could help with the following:
- conducting initial security assessments to find and document the risks;
- developing standards to ensure the proper controls are agreed upon and put in place;
- creating policy and procedure documentation to ensure mobile devices are treated like any other business system;
- writing contingency plans for when a security breach occurs;
- designing, implementing and providing support for an existing mobile device management platform;
- implementing and managing ancillary services for mobile devices, such as encryption, antimalware and data backup;
- and conducting ongoing security reviews.
The consumerization of IT and the constant advancements in smartphones and tablets make it hard for IT to keep up and remain in control. Come up with a strategy to help your clients gain the control and visibility needed to minimize mobile security risks over the long haul. You’ll both win in the end.
About the author
Kevin Beaver has worked for himself for over a decade as an information security consultant, expert witness and professional speaker with Atlanta-based Principle Logic, LLC. With over 23 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and the best-selling Hacking For Dummies, 3rd edition. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can follow him on Twitter @kevinbeaver.