One of the most baffling statements I’ve heard about anyone’s organization is when someone says to me “Oh, we’re not a security conscious company.”
Security isn’t exactly small-time news. This year alone, we’ve seen digital criminals step up their game, with incidents ranging from Panama Papers to a phishing scam that hit scores of major corporations to healthcare’s ransomware epidemic. In such a climate, how can any company not be conscious of the security of its IT systems and data?
When Sarbanes Oxley (“SOX”) passed, it was thought by pundits that the biggest impact would be made by Section 404, which requires public companies to secure corporate information systems housing data that has a material impact on financial statements. They weren’t entirely wrong – SOX created a huge uptick in security spending, to the benefit of many vendors.
The true lasting legacy of SOX, however, was executive accountability. According to a 2014 Veracode survey of over 200 board members, when a breach occurs it’s the CEO who should be held most accountable. And sure enough, after Target’s 2014 data breach exposed the financial data of 40 million customers, for example, the company’s CEO and CIO resigned.
While your organization may not suffer a public breach of that magnitude, that isn’t the only thing you need to worry about – the risk of either unintentional or intentional user-level data leakage of customer or proprietary business information is much higher. And that risk rises dramatically as users bring with them an increasing number of endpoints that need to be secured, such as smartphones and wearables.
As users gain mobile access to business applications behind the firewall, the odds that highly important enterprise credentials and application configuration information may be recoverable on both BYO and corporate-owned devices is also growing significantly.
What’s more important? A customer list synced from a salesperson’s mobile device to a personal cloud when he joins a competitor, or username and password data for CRM, ERP, VPN, Exchange and other systems present on a stolen phone? There’s no right answer here, but these are both very real scenarios that should matter to any commercial organization, no matter how regulated or ‘security conscious’ it may be.
The truth is, it isn’t just regulated industries like law, finance, and healthcare that need to care about security. No matter what industry your business operates in, there’s critical data that needs to be protected. And if you don’t consider your business ‘security conscious,’ you might as well just hand all that data over to the competition.
A manufacturing firm has product designs and manufacturing processes. A Pharmaceutical agency has drug formulations and test results. An entertainment company might have marketing plans, or film scripts. All of this data is valuable to competitors, and all of it can data can be both accessed and leaked from mobile devices.
For this reason, calling an industry ‘low-security’ today is ill-advised, especially if you’re in IT. If you aren’t already thinking about security, you need to start.
Containers, Certifications, and Content: The Path to Better Security
Containers have emerged as perhaps the most important technology available for securing corporate apps and content. A properly-implemented container should not rely solely on device encryption, but instead should use separate app-level encryption so that corporate data is protected even when the device is unlocked. While that may seem obvious, many EMM vendors rely on the native device encryption – always have your vendor specify, regardless of marketing claims.
You also need to avoid containers that rely on an MDM agent. While MDM policies may be layered with containers, when an MDM agent is absolutely required for app containers to work, there may be negative impacts on app and data security. There are several reasons for this:
- Requiring an MDM agent precludes deploying apps to devices that cannot be managed (i.e., partner or customer devices, pure BYO deployments).
- The MDM agent may be required for jailbreak and root detection, using location services to ‘wake it up’ so it can perform a check.
- Compliance tests should occur every time a user accesses an app – relying on an MDM agent for this weakens security and drains the battery.
True app and content security needs to be separate from device security and configuration. The deployment and management of corporate apps and content cannot be solely reliant on MDM. But it also needs to be easy to use, and slot in readily with existing security.
Here’s where the BlackBerry Dynamics Secure Mobility Platform, formerly known as Good Dynamics comes in. Good, now part of BlackBerry, invented containerization, and thanks to our expertise, we’re able to take it to a level beyond other vendors. The BlackBerry Dynamics container, a fundamental component of the BlackBerry Enterprise Mobility Suite, formerly known as Good Secure EMM Suites, distinguishes itself in a few ways:
- “Three C’s” security: Our app containers apply FIPS-validated encryption to both the applications themselves along with inter-app communication. They protect configuration details, user credentials, and content together, both at-rest and in-transit.
- Device-independent encryption: Even if a criminal breaks the security on a stolen device, they won’t be able to crack our containers – they operate independently of device controls.
- A superior user experience: With support for single-sign-on authentication, users can gain easy access to all Good-secured apps on their device after logging in once.
- A powerful product suite: Thanks to the release of BlackBerry Enterprise Mobility Suite, our containerization system is now part of the most flexible, unified EMM platform on the market.
Interested in learning more? Check out Introducing BlackBerry Enterprise Mobility Suite, or go Hands-on with BlackBerry Enterprise Mobility Suite in our recently-broadcast live demo. And if you want to see how your own business fits into the current EMM landscape, be sure to also view Making Sense of the EMM Alphabet Soup – a detailed look at MDM, MAM & MCM.