SlideShare a Scribd company logo

AST-0002415_MobileSecurity-CIO

J
Jim Romeo
1 of 4
Download to read offline
In a well-publicized case, a data analyst em- ployed by the U.S. Department of Veterans Affairs (VA) took his laptop home to suburban Maryland. Burglars entered his home and stole the laptop. Suddenly, the personal information of some 26.5 million veterans was at risk. The incident became an international news story raising caution flags about managed security at the VA. Incidents like this one are not unusual today, and the risk is increas- ing as the mobile workforce grows. Gartner reports that 83.9 percent of businesses have a remote workforce, and by 2011 an estimated 46 million employees globally will telecommute at least one day per week and 112 million will work from home at least one day per month. Software and technology solutions help mitigate security risks and safeguard organizations from threats, but they require IT staff to select, deploy and maintain them. The problem is, today’s IT environments are lean. This paper examines the current mobile security landscape, including myths surrounding the risks and threats, and how organiza- tions can establish a solid mobile security strategy. White Paper: Mobile Security Mobile Security: The Essential Ingredient for Today’s Enterprise
The Mobile Landscape The mobile workforce is increasing. More than 17 mil- lion Americans got their work done via telecommuting in 2008, a 74 percent increase over the previous three years, according to WorldatWork Telework Trendlines. How is this changing our workforce? Mobile work encourages cross-pollination of different cultures with fresh ideas and innovative practices for collaborative teams. In a telecommuting survey sponsored by Robert Half International, 53 percent of respondents said the ability to work at home is important to their employment choice. In the most recent annual telework survey by CDW Corp., 40 percent of the respondents agreed that “the option to telecommute would influence their deci- sion to remain with their employer or take a new job.” On the one hand, teleworkers help alleviate the daily mi- nutiae of managing in-house employees, giving manage- ment more time to strategically develop initiatives. But on the other hand, a dispersed team of mobile workers creates more work and new concerns for IT managers. For example, in a recent survey of CIOs, 45 percent said they were not confident that their company’s policies and security measures prevent mobile employees from sending confidential information to unauthorized third parties—such as sending company information from a laptop to a home PC (IDG Research Services on behalf of Fiberlink Communications, 2008). Ensuring security is a formidable challenge for IT manag- ers. Mobility creates opportunity for hackers and preda- tors and increases other threats and vulnerabilities. It requires a new approach to security management, in- cluding an assessment of security plans and policies and, ultimately, the creation of a mobile security strategy. Identifying Myths Before development of a strategy for securing mobile workers and data, some common myths about IT secu- rity practices should be clarified and dispelled. Myth 1: Having a core security program in the office environment means that IT assets and data are safe everywhere. Mobile security is not confined to the office or headquar- ters location. Wherever a mobile worker goes, so goes a virtual office. The price and performance of laptops, coupled with wireless access availability, have created a work-from-anywhere preference. However, working outside the office guarded by firewalls and intrusion measures can increase risks for businesses. Dispersed employees have lower visibility than those in the office. It requires resources, time and technology to remotely monitor and control which sites users visit, the informa- tion they exchange and the online connections they use. “Given our business as an international communications solution provider, our challenges are often compounded by the need to support customers and business func- tions in a variety of locations,” says Michael Glenn, director of Information Security and chief information security official (CISO) at Qwest Communications Inter- national Inc., a managed security provider. Employees now connect and work via wireless networks and Wi-Fi hotspots and expect to access data 24x7 from their personal smartphones. Unencrypted wireless ac- cess points often do not offer the security levels neces- sary to protect corporate data. Unencrypted public wire- less access makes it possible for an outsider to detect a user, enter a wireless network and potentially steal data. The same scenario is not true with encryption, where data is modified to prevent access. Unencrypted hotspots are causing concern about the in- tegrity and safety of wireless access; 47 percent of CIOs and IT leaders say they are not very or not at all confident that their company’s policies and security measures pre- vent mobile employees from accessing the Internet via unencrypted public wireless access points (IDG Research Services for Fiberlink Communications, 2008). Myth 2: Existing mobile security programs are good enough as is and don’t require investment or long-term planning. Many IT managers believe that their existing mobile policies are sufficient to mitigate risk. However, vulner- abilities and threats constantly change, as do the ways predators exploit weaknesses in IT infrastructure. Mobile users and the technology used to accommodate them are growing and changing. For example, it took BlackBerry five years to get its first million users, just another 10 months to get its second million and six months for the next million. Today the company has more than 28 million users. The steep increase in usage and the evolving need for new features and capabilities have heightened the risks and vulnerabilities. [2] Qwest White Paper: Mobile Security
Complying with encryption regulations and controlling threats requires vigilant monitoring processes, because blind spots exist when assets are deployed in remote places. Workers travel everywhere with their laptops, smartphones and other equipment. They can work virtu- ally anywhere. An unnoticed vulnerability potentially exposes proprietary data to unwanted parties. Myth 3: Do-it-yourself managed mobile security is a better, less costly alternative to outsourcing. In recent research, CIOs declared that privacy and secu- [3] Qwest White Paper: Mobile Security Five Steps to Reduce Mobile Blind Spots Today’s mobile workers are everywhere. From their kitchen tables to airports to remote office locations to headquar- ters offices, they roam past geographic boundaries and operate on many different networks. A wide variety of vulnerabilities can potentially threaten and damage an organization’s IT systems and data. Here are five steps se- curity managers can take to reduce these risks and ensure that mobile blind spots do not bring unwanted publicity and costs to the organization. 1. Ensure Visibility r Continually monitor the health and compliance of all laptops with tools for monitoring applications, flagging those that are out of company compliance and encrypt- ing and locking down sensitive data deployed in a laptop or other device. r Enforce policies and do remediation as needed. 2. Protect Sensitive Data on Business Endpoints r Monitor, protect and update mobile devices, including those outside the corporate LAN, with tools that provide secure access to the company network via an optional virtual private network (VPN) client, as well as authenti- cation and encryption. r Monitor and enforce rules about and remediate obso- lete software. Provide adequate security protection for device use from any location. r Disable noncompliant endpoints. r Set boundaries for information transfer. 3. Develop a Specific Policy to Protect the Organization r Develop a policy for damaged, lost or stolen mobile devices, and protect sensitive information as necessary. r Monitor deployment of encryption tools, and prevent employees from copying or distributing sensitive data. Ensure your company’s ability to meet e-discovery obligations. r Make sure your policies enable you to monitor company data and meet all compliance and legal obligations from company-issued as well as personal mobile devices. r Track and document the status and condition of mobile and remote systems software. 4. Tie Access to Directories, Identities and Roles r Allow access to the resources on the corporate net- work based on the individual, that person’s role and organizational policy. r Ensure that licensed content, digital rights and the distribution of content are protected. r Secure integrated communications for VoIP, e-mail and e-commerce transactions. r Enable the image that appears on the remote workstation to be identical to that on the home office workstation. 5. Enforce Productivity r Notify employees that instant message conversations are monitored and that logs are stored for possible management review and e-discovery obligations. r Monitor, audit and collect usage statistics for manage- ment purposes. rity concerns are the leading objection to outsourcing. However, roughly half of these IT executives reported that they are still likely to outsource some type of data, voice or network service over the next 18 months (IDG Research Services and Fortune on behalf of Qwest Com- munications, May 2009). In the research, cost savings were the most frequently cited benefit of outsourcing, followed by access to expertise. Building an in-house program requires staff and technol- ogy, and ultimately, investment. And sometimes having
an internal, dedicated staff equipped with the most-up- to-date security technologies can turn out to be more expensive than hiring a managed service provider. It’s important to perform a cost analysis of do-it-yourself versus outsourced managed security. Myth 4: In-house staff is always up to date on the latest security threats and trained in the processes, solutions and equipment needed to combat them. Managed security providers bring expertise in finding solutions to fit complex problems, solutions that may not be available in-house. With cross-industry experi- ence, an outsourcing provider must stay abreast of developing threats and investigate products and secu- rity solutions to address them. Their experience affords recommendations that save time and money. The Compliance Conundrum Understanding misconceptions is the first step toward improving mobile security. However, the steady growth of industry compliance requirements makes the task of managing it even more daunting. Some of these regulations, or parts of them, promote data protection within particular industries. For ex- ample, the Gramm-Leach-Bliley Act (GLBA) has privacy stipulations to protect information in the financial services industry. The Healthcare Insurance Portability and Accountability Act (HIPAA) sets standards for health care coverage and transactions, including safe-harbor provisions if data is encrypted to specific standards. Payment Card Industry (PCI) standards govern data used in payment card transactions. The U.S. Federal Trade Commission (FTC) also has information protection rules that apply. Not meeting compliance requirements can mean hefty fines and expensive consequences. In addition, some states in the U.S.—including Massa- chusetts and Nevada—will soon require encryption on all mobile devices, including smartphones, if they con- tain personal information. Further, companies must be able to retrieve data from mobile devices if the informa- tion is pertinent to a discovery motion or lawsuit. New compliance requirements necessitate safeguards such as network monitoring, data tracking, firewall con- figuration and access control programs—areas where outsourced security services are valuable. Complying with regulations and identifying vulner- abilities are significant business benefits of using an outsourced mobile security partner. A provider can also help prevent costly incidents that degrade the brand identity of the organization and that have extended costs. For example, the Department of Veterans Af- fairs incident led to an outcry from the general public and government leaders who questioned the security governance of its mobile workers. This reflected on the integrity of the organization. In addition, a security breach has costs that extend beyond those directly related to the incident. A recent study by the Ponemon Institute found that the loss of one laptop costs an average of $49,246. On top of the actual replacement of the notebook, larger expenses include costs associated with investigating the incident, the loss of intellectual property and data and compliance with regulatory requirements related to the breach. A managed security provider can help protect the or- ganization by establishing a mobile security strategy to prevent such incidents. For example, having a compre- hensive inventory of mobile assets and the ability to re- motely disable them can prevent consequential damage from theft and intrusion by predators. A managed security partner also provides metrics for ongoing security maintenance and protection—such as how mobile workers communicate, how often they are online, the Web sites they visit and when and how data is exchanged. This knowledge aids in decision-making and overall security strategy. Conclusion Our universal mobile workforce is steadily growing. Like- wise, the need to manage the security of the devices and data used by these workers is also increasing. It’s important to understand the challenges and miscon- ceptions about security in terms of complacency, cost, experience and do-it-yourself security management. In addition, a rise in compliance requirements has caused IT managers with limited resources to seek out- side help to meet these requirements. Having a mobile security program that incorporates a trusted managed security provider is a best business practice and an es- sential ingredient in protecting today’s enterprises. For more information, visit www.qwest.com/business. [4] Qwest White Paper: Mobile Security

Recommended

PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 
Is Your Organization in Crisis?
Is Your Organization in Crisis?Is Your Organization in Crisis?
Is Your Organization in Crisis?BlackBerry
 
The Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseThe Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseReadWrite
 
Enterprise Mobility Applications: Addressing a Growing Gap
Enterprise Mobility Applications: Addressing a Growing GapEnterprise Mobility Applications: Addressing a Growing Gap
Enterprise Mobility Applications: Addressing a Growing GapBlackBerry
 
How the Internet of Things Leads to Better, Faster Crisis Communication
How the Internet of Things Leads to Better, Faster Crisis Communication How the Internet of Things Leads to Better, Faster Crisis Communication
How the Internet of Things Leads to Better, Faster Crisis CommunicationBlackBerry
 
CIO Mobility Playbook
CIO Mobility PlaybookCIO Mobility Playbook
CIO Mobility PlaybookJuniper Networks
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of ThingsCognizant
 

Recommended

PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 
Is Your Organization in Crisis?
Is Your Organization in Crisis?Is Your Organization in Crisis?
Is Your Organization in Crisis?BlackBerry
 
The Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseThe Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseReadWrite
 
Enterprise Mobility Applications: Addressing a Growing Gap
Enterprise Mobility Applications: Addressing a Growing GapEnterprise Mobility Applications: Addressing a Growing Gap
Enterprise Mobility Applications: Addressing a Growing GapBlackBerry
 
How the Internet of Things Leads to Better, Faster Crisis Communication
How the Internet of Things Leads to Better, Faster Crisis Communication How the Internet of Things Leads to Better, Faster Crisis Communication
How the Internet of Things Leads to Better, Faster Crisis CommunicationBlackBerry
 
CIO Mobility Playbook
CIO Mobility PlaybookCIO Mobility Playbook
CIO Mobility PlaybookJuniper Networks
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of ThingsCognizant
 
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) Ahmed Banafa
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersEric Wong
 
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Sudha Jamthe
 
IOT: The Evolving World of Realtime BigData by Jerry Power
IOT: The Evolving World of Realtime BigData by Jerry PowerIOT: The Evolving World of Realtime BigData by Jerry Power
IOT: The Evolving World of Realtime BigData by Jerry PowerData Con LA
 
8 trends of IoT in 2018
8 trends of IoT in 20188 trends of IoT in 2018
8 trends of IoT in 2018Ahmed Banafa
 
IoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationIoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationAhmed Banafa
 
Emerging techonology presentation bw
Emerging techonology presentation bwEmerging techonology presentation bw
Emerging techonology presentation bwBridgetteWilliams15
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT Ahmed Banafa
 
Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepapergenasun
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...mkeane
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...IndianAppDevelopers
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalNETSCOUT
 
Mobile Security: Preparing for the 2017 Threat Landscape
Mobile Security: Preparing for the 2017 Threat LandscapeMobile Security: Preparing for the 2017 Threat Landscape
Mobile Security: Preparing for the 2017 Threat LandscapeBlackBerry
 
271 Information Governance for Mobile Devices .docx
271 Information Governance for Mobile Devices .docx271 Information Governance for Mobile Devices .docx
271 Information Governance for Mobile Devices .docxlorainedeserre
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?Fuji Xerox Asia Pacific
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 

More Related Content

What's hot

New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) Ahmed Banafa
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersEric Wong
 
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Sudha Jamthe
 
IOT: The Evolving World of Realtime BigData by Jerry Power
IOT: The Evolving World of Realtime BigData by Jerry PowerIOT: The Evolving World of Realtime BigData by Jerry Power
IOT: The Evolving World of Realtime BigData by Jerry PowerData Con LA
 
8 trends of IoT in 2018
8 trends of IoT in 20188 trends of IoT in 2018
8 trends of IoT in 2018Ahmed Banafa
 
IoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationIoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationAhmed Banafa
 
Emerging techonology presentation bw
Emerging techonology presentation bwEmerging techonology presentation bw
Emerging techonology presentation bwBridgetteWilliams15
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT Ahmed Banafa
 
Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepapergenasun
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...mkeane
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...IndianAppDevelopers
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalNETSCOUT
 
Mobile Security: Preparing for the 2017 Threat Landscape
Mobile Security: Preparing for the 2017 Threat LandscapeMobile Security: Preparing for the 2017 Threat Landscape
Mobile Security: Preparing for the 2017 Threat LandscapeBlackBerry
 

What's hot (18)

New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference )
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile Workers
 
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
 
IOT: The Evolving World of Realtime BigData by Jerry Power
IOT: The Evolving World of Realtime BigData by Jerry PowerIOT: The Evolving World of Realtime BigData by Jerry Power
IOT: The Evolving World of Realtime BigData by Jerry Power
 
8 trends of IoT in 2018
8 trends of IoT in 20188 trends of IoT in 2018
8 trends of IoT in 2018
 
IoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationIoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital Transformation
 
Emerging techonology presentation bw
Emerging techonology presentation bwEmerging techonology presentation bw
Emerging techonology presentation bw
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT
 
Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepaper
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep Dive
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a Hospital
 
Mobile Security: Preparing for the 2017 Threat Landscape
Mobile Security: Preparing for the 2017 Threat LandscapeMobile Security: Preparing for the 2017 Threat Landscape
Mobile Security: Preparing for the 2017 Threat Landscape
 

Similar to AST-0002415_MobileSecurity-CIO

271 Information Governance for Mobile Devices .docx
271 Information Governance for Mobile Devices .docx271 Information Governance for Mobile Devices .docx
271 Information Governance for Mobile Devices .docxlorainedeserre
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
AGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperAGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperMestizo Enterprises
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environmentIBM Software India
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Samir Kotarwar
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfInfinityGroup5
 
B Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En UsB Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En UsVishal Shah
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesIRJET Journal
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprisesTaranggg11
 
Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Renub Research
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 

Similar to AST-0002415_MobileSecurity-CIO (20)

271 Information Governance for Mobile Devices .docx
271 Information Governance for Mobile Devices .docx271 Information Governance for Mobile Devices .docx
271 Information Governance for Mobile Devices .docx
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
AGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperAGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White Paper
 
Consumer tech invasion
Consumer tech invasionConsumer tech invasion
Consumer tech invasion
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 
B Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En UsB Distributed Workforce Management In The Cloud Wp.En Us
B Distributed Workforce Management In The Cloud Wp.En Us
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.
 
Information Security
Information SecurityInformation Security
Information Security
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for Businesses
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 

More from Jim Romeo

Jim romeo b2 b copywriter - how long should blogs be
Jim romeo b2 b copywriter - how long should blogs beJim romeo b2 b copywriter - how long should blogs be
Jim romeo b2 b copywriter - how long should blogs beJim Romeo
 
Jim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-Tech
Jim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-TechJim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-Tech
Jim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-TechJim Romeo
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 
IN-N-OUT BURGER
IN-N-OUT BURGERIN-N-OUT BURGER
IN-N-OUT BURGERJim Romeo
 
Chemical Industry in China
Chemical Industry in ChinaChemical Industry in China
Chemical Industry in ChinaJim Romeo
 
Automotive Logistics Magazine - The Automotive South -Working II
Automotive Logistics Magazine - The Automotive South -Working IIAutomotive Logistics Magazine - The Automotive South -Working II
Automotive Logistics Magazine - The Automotive South -Working IIJim Romeo
 
2_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_01132_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_0113Jim Romeo
 
Counterculture Linux Article
Counterculture Linux ArticleCounterculture Linux Article
Counterculture Linux ArticleJim Romeo
 
Maritime Executive_Out of Gauge CArgo
Maritime Executive_Out of Gauge CArgoMaritime Executive_Out of Gauge CArgo
Maritime Executive_Out of Gauge CArgoJim Romeo
 
Maritime Executive_HMorrison
Maritime Executive_HMorrisonMaritime Executive_HMorrison
Maritime Executive_HMorrisonJim Romeo
 
Cistera Networks Q and A
Cistera Networks Q and ACistera Networks Q and A
Cistera Networks Q and AJim Romeo
 
FUEL-cleanEnergy
FUEL-cleanEnergyFUEL-cleanEnergy
FUEL-cleanEnergyJim Romeo
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOJim Romeo
 
Dell_whitepaper[1]
Dell_whitepaper[1]Dell_whitepaper[1]
Dell_whitepaper[1]Jim Romeo
 

More from Jim Romeo (15)

Jim romeo b2 b copywriter - how long should blogs be
Jim romeo b2 b copywriter - how long should blogs beJim romeo b2 b copywriter - how long should blogs be
Jim romeo b2 b copywriter - how long should blogs be
 
Jim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-Tech
Jim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-TechJim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-Tech
Jim Romeo - B2B Copywriter - Supply Chain, Logistics, Software, High-Tech
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715
 
IN-N-OUT BURGER
IN-N-OUT BURGERIN-N-OUT BURGER
IN-N-OUT BURGER
 
Chemical Industry in China
Chemical Industry in ChinaChemical Industry in China
Chemical Industry in China
 
Automotive Logistics Magazine - The Automotive South -Working II
Automotive Logistics Magazine - The Automotive South -Working IIAutomotive Logistics Magazine - The Automotive South -Working II
Automotive Logistics Magazine - The Automotive South -Working II
 
2_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_01132_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_0113
 
Counterculture Linux Article
Counterculture Linux ArticleCounterculture Linux Article
Counterculture Linux Article
 
Maritime Executive_Out of Gauge CArgo
Maritime Executive_Out of Gauge CArgoMaritime Executive_Out of Gauge CArgo
Maritime Executive_Out of Gauge CArgo
 
Maritime Executive_HMorrison
Maritime Executive_HMorrisonMaritime Executive_HMorrison
Maritime Executive_HMorrison
 
Cistera Networks Q and A
Cistera Networks Q and ACistera Networks Q and A
Cistera Networks Q and A
 
FUEL-cleanEnergy
FUEL-cleanEnergyFUEL-cleanEnergy
FUEL-cleanEnergy
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
Dell_whitepaper[1]
Dell_whitepaper[1]Dell_whitepaper[1]
Dell_whitepaper[1]
 

AST-0002415_MobileSecurity-CIO

  • 1. In a well-publicized case, a data analyst em- ployed by the U.S. Department of Veterans Affairs (VA) took his laptop home to suburban Maryland. Burglars entered his home and stole the laptop. Suddenly, the personal information of some 26.5 million veterans was at risk. The incident became an international news story raising caution flags about managed security at the VA. Incidents like this one are not unusual today, and the risk is increas- ing as the mobile workforce grows. Gartner reports that 83.9 percent of businesses have a remote workforce, and by 2011 an estimated 46 million employees globally will telecommute at least one day per week and 112 million will work from home at least one day per month. Software and technology solutions help mitigate security risks and safeguard organizations from threats, but they require IT staff to select, deploy and maintain them. The problem is, today’s IT environments are lean. This paper examines the current mobile security landscape, including myths surrounding the risks and threats, and how organiza- tions can establish a solid mobile security strategy. White Paper: Mobile Security Mobile Security: The Essential Ingredient for Today’s Enterprise
  • 2. The Mobile Landscape The mobile workforce is increasing. More than 17 mil- lion Americans got their work done via telecommuting in 2008, a 74 percent increase over the previous three years, according to WorldatWork Telework Trendlines. How is this changing our workforce? Mobile work encourages cross-pollination of different cultures with fresh ideas and innovative practices for collaborative teams. In a telecommuting survey sponsored by Robert Half International, 53 percent of respondents said the ability to work at home is important to their employment choice. In the most recent annual telework survey by CDW Corp., 40 percent of the respondents agreed that “the option to telecommute would influence their deci- sion to remain with their employer or take a new job.” On the one hand, teleworkers help alleviate the daily mi- nutiae of managing in-house employees, giving manage- ment more time to strategically develop initiatives. But on the other hand, a dispersed team of mobile workers creates more work and new concerns for IT managers. For example, in a recent survey of CIOs, 45 percent said they were not confident that their company’s policies and security measures prevent mobile employees from sending confidential information to unauthorized third parties—such as sending company information from a laptop to a home PC (IDG Research Services on behalf of Fiberlink Communications, 2008). Ensuring security is a formidable challenge for IT manag- ers. Mobility creates opportunity for hackers and preda- tors and increases other threats and vulnerabilities. It requires a new approach to security management, in- cluding an assessment of security plans and policies and, ultimately, the creation of a mobile security strategy. Identifying Myths Before development of a strategy for securing mobile workers and data, some common myths about IT secu- rity practices should be clarified and dispelled. Myth 1: Having a core security program in the office environment means that IT assets and data are safe everywhere. Mobile security is not confined to the office or headquar- ters location. Wherever a mobile worker goes, so goes a virtual office. The price and performance of laptops, coupled with wireless access availability, have created a work-from-anywhere preference. However, working outside the office guarded by firewalls and intrusion measures can increase risks for businesses. Dispersed employees have lower visibility than those in the office. It requires resources, time and technology to remotely monitor and control which sites users visit, the informa- tion they exchange and the online connections they use. “Given our business as an international communications solution provider, our challenges are often compounded by the need to support customers and business func- tions in a variety of locations,” says Michael Glenn, director of Information Security and chief information security official (CISO) at Qwest Communications Inter- national Inc., a managed security provider. Employees now connect and work via wireless networks and Wi-Fi hotspots and expect to access data 24x7 from their personal smartphones. Unencrypted wireless ac- cess points often do not offer the security levels neces- sary to protect corporate data. Unencrypted public wire- less access makes it possible for an outsider to detect a user, enter a wireless network and potentially steal data. The same scenario is not true with encryption, where data is modified to prevent access. Unencrypted hotspots are causing concern about the in- tegrity and safety of wireless access; 47 percent of CIOs and IT leaders say they are not very or not at all confident that their company’s policies and security measures pre- vent mobile employees from accessing the Internet via unencrypted public wireless access points (IDG Research Services for Fiberlink Communications, 2008). Myth 2: Existing mobile security programs are good enough as is and don’t require investment or long-term planning. Many IT managers believe that their existing mobile policies are sufficient to mitigate risk. However, vulner- abilities and threats constantly change, as do the ways predators exploit weaknesses in IT infrastructure. Mobile users and the technology used to accommodate them are growing and changing. For example, it took BlackBerry five years to get its first million users, just another 10 months to get its second million and six months for the next million. Today the company has more than 28 million users. The steep increase in usage and the evolving need for new features and capabilities have heightened the risks and vulnerabilities. [2] Qwest White Paper: Mobile Security
  • 3. Complying with encryption regulations and controlling threats requires vigilant monitoring processes, because blind spots exist when assets are deployed in remote places. Workers travel everywhere with their laptops, smartphones and other equipment. They can work virtu- ally anywhere. An unnoticed vulnerability potentially exposes proprietary data to unwanted parties. Myth 3: Do-it-yourself managed mobile security is a better, less costly alternative to outsourcing. In recent research, CIOs declared that privacy and secu- [3] Qwest White Paper: Mobile Security Five Steps to Reduce Mobile Blind Spots Today’s mobile workers are everywhere. From their kitchen tables to airports to remote office locations to headquar- ters offices, they roam past geographic boundaries and operate on many different networks. A wide variety of vulnerabilities can potentially threaten and damage an organization’s IT systems and data. Here are five steps se- curity managers can take to reduce these risks and ensure that mobile blind spots do not bring unwanted publicity and costs to the organization. 1. Ensure Visibility r Continually monitor the health and compliance of all laptops with tools for monitoring applications, flagging those that are out of company compliance and encrypt- ing and locking down sensitive data deployed in a laptop or other device. r Enforce policies and do remediation as needed. 2. Protect Sensitive Data on Business Endpoints r Monitor, protect and update mobile devices, including those outside the corporate LAN, with tools that provide secure access to the company network via an optional virtual private network (VPN) client, as well as authenti- cation and encryption. r Monitor and enforce rules about and remediate obso- lete software. Provide adequate security protection for device use from any location. r Disable noncompliant endpoints. r Set boundaries for information transfer. 3. Develop a Specific Policy to Protect the Organization r Develop a policy for damaged, lost or stolen mobile devices, and protect sensitive information as necessary. r Monitor deployment of encryption tools, and prevent employees from copying or distributing sensitive data. Ensure your company’s ability to meet e-discovery obligations. r Make sure your policies enable you to monitor company data and meet all compliance and legal obligations from company-issued as well as personal mobile devices. r Track and document the status and condition of mobile and remote systems software. 4. Tie Access to Directories, Identities and Roles r Allow access to the resources on the corporate net- work based on the individual, that person’s role and organizational policy. r Ensure that licensed content, digital rights and the distribution of content are protected. r Secure integrated communications for VoIP, e-mail and e-commerce transactions. r Enable the image that appears on the remote workstation to be identical to that on the home office workstation. 5. Enforce Productivity r Notify employees that instant message conversations are monitored and that logs are stored for possible management review and e-discovery obligations. r Monitor, audit and collect usage statistics for manage- ment purposes. rity concerns are the leading objection to outsourcing. However, roughly half of these IT executives reported that they are still likely to outsource some type of data, voice or network service over the next 18 months (IDG Research Services and Fortune on behalf of Qwest Com- munications, May 2009). In the research, cost savings were the most frequently cited benefit of outsourcing, followed by access to expertise. Building an in-house program requires staff and technol- ogy, and ultimately, investment. And sometimes having
  • 4. an internal, dedicated staff equipped with the most-up- to-date security technologies can turn out to be more expensive than hiring a managed service provider. It’s important to perform a cost analysis of do-it-yourself versus outsourced managed security. Myth 4: In-house staff is always up to date on the latest security threats and trained in the processes, solutions and equipment needed to combat them. Managed security providers bring expertise in finding solutions to fit complex problems, solutions that may not be available in-house. With cross-industry experi- ence, an outsourcing provider must stay abreast of developing threats and investigate products and secu- rity solutions to address them. Their experience affords recommendations that save time and money. The Compliance Conundrum Understanding misconceptions is the first step toward improving mobile security. However, the steady growth of industry compliance requirements makes the task of managing it even more daunting. Some of these regulations, or parts of them, promote data protection within particular industries. For ex- ample, the Gramm-Leach-Bliley Act (GLBA) has privacy stipulations to protect information in the financial services industry. The Healthcare Insurance Portability and Accountability Act (HIPAA) sets standards for health care coverage and transactions, including safe-harbor provisions if data is encrypted to specific standards. Payment Card Industry (PCI) standards govern data used in payment card transactions. The U.S. Federal Trade Commission (FTC) also has information protection rules that apply. Not meeting compliance requirements can mean hefty fines and expensive consequences. In addition, some states in the U.S.—including Massa- chusetts and Nevada—will soon require encryption on all mobile devices, including smartphones, if they con- tain personal information. Further, companies must be able to retrieve data from mobile devices if the informa- tion is pertinent to a discovery motion or lawsuit. New compliance requirements necessitate safeguards such as network monitoring, data tracking, firewall con- figuration and access control programs—areas where outsourced security services are valuable. Complying with regulations and identifying vulner- abilities are significant business benefits of using an outsourced mobile security partner. A provider can also help prevent costly incidents that degrade the brand identity of the organization and that have extended costs. For example, the Department of Veterans Af- fairs incident led to an outcry from the general public and government leaders who questioned the security governance of its mobile workers. This reflected on the integrity of the organization. In addition, a security breach has costs that extend beyond those directly related to the incident. A recent study by the Ponemon Institute found that the loss of one laptop costs an average of $49,246. On top of the actual replacement of the notebook, larger expenses include costs associated with investigating the incident, the loss of intellectual property and data and compliance with regulatory requirements related to the breach. A managed security provider can help protect the or- ganization by establishing a mobile security strategy to prevent such incidents. For example, having a compre- hensive inventory of mobile assets and the ability to re- motely disable them can prevent consequential damage from theft and intrusion by predators. A managed security partner also provides metrics for ongoing security maintenance and protection—such as how mobile workers communicate, how often they are online, the Web sites they visit and when and how data is exchanged. This knowledge aids in decision-making and overall security strategy. Conclusion Our universal mobile workforce is steadily growing. Like- wise, the need to manage the security of the devices and data used by these workers is also increasing. It’s important to understand the challenges and miscon- ceptions about security in terms of complacency, cost, experience and do-it-yourself security management. In addition, a rise in compliance requirements has caused IT managers with limited resources to seek out- side help to meet these requirements. Having a mobile security program that incorporates a trusted managed security provider is a best business practice and an es- sential ingredient in protecting today’s enterprises. For more information, visit www.qwest.com/business. [4] Qwest White Paper: Mobile Security