SN blogs: Mobile computing risk management requires more attention

SN blogs: This week, analysts discuss mobile security risk management, the importance of incident reporting and the future of software-defined data centers.

The state of mobile computing risk management

Enterprise Strategy Group senior analyst, Jon Oltsik, says that mobile computing risk management is something that CISOs should be concerned with. Oltsik cites ESG research that pinpoints data, application and a strong organizational model as key vectors to securing mobile devices. When it comes to data protection, ESG research shows that 43% of respondents were concerned about protecting data confidentiality and integrity when sensitive data is accessed by a mobile device over the network. At the same time, 42% of enterprise organizations surveyed are developing a "significant amount" of mobile applications and 38% are developing a "modest amount." The worrisome aspect? Oltsik says that fewer than half of these organizations have included best practices for secure application development.

Read more about the ESG state of mobile computing security survey and what Oltsik says needs to be done.

The workforce includes more than millennials

Current Analysis blogger Tim Banting explains that while there is a lot of talk about how to deal with millennials changing the way business gets done in the work environment, it is important to remember that there are three generations that comprise the modern day workforce. Millennials, those who were born in the 1980s; Generation X, those born since 1965; and baby boomers, those born since 1946, are all working together. Banting says that it's important to find ways to collaborate with everyone in the workforce in order to remain productive as well as design and create products that are usable by everyone. After all, he writes, a product that is easy for everyone to use will be more valuable than one that is only understandable to a portion of users.

Read more of what Banting says is necessary to collaborate with all three generations.

Security and the software-defined data center

VirtualizedGeek blogger and analyst Keith Townsend points to an interesting trend about security driving the creation of software-defined data centers (SDDC). Townsend cites the Target breaches as a direct example of a data security issue. The problem, says Townsend, is that the traditional data center model makes it difficult to approach the security issue holistically. Townsend gives two approaches to redefining the data center: either protecting it at the network, where vendors provide the ability to inspect packets and traffic to identify unauthorized access; or protecting it from the host, by tagging and identifying sensitive data. Both approaches, however, have their limitations. One answer, Townsend writes, might come from VMware, whose Goldilocks initiative focuses on using the hypervisor for security controls. Townsend says that VMware is still in the early stages of creating this security option, but it may be on to something really valuable.

Read more about what Townsend says about VMware's 'Goldilocks' security zone.

The importance of incident reporting

PacketPushers analyst Andrew Gallo explains why it is important to create incident reports after an outage occurs. While having the time to write up an incident report is a luxury that most IT shops don't have, it is important to educate the IT community about the incident in question to prevent the same problem from happening twice. Gallo says an incident report should contain the following elements: direct cause, in other words, what lead immediately to the incident; contributing cause, that is, individual causes that would not have led to the problem, but made the situation worse and the root cause, or, the underlying issue that caused the problem. While admitting flaws might be difficult, it's better to share knowledge gained from overcoming a problem than to risk future incidents.

Read Gallo's examples of formalized incident report systems.


This was first published in April 2014

Dig Deeper on Network Security Best Practices and Products



Find more PRO+ content and other member only offers, here.

Related Discussions

Sonia Groff asks:

What do you think are the greatest risks when it comes to mobile computing?

2  Responses So Far

Join the Discussion



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: