News Stay informed about the latest enterprise technology news and product updates.

SN blogs: Mobile computing risk management requires more attention

SN blogs: This week, analysts discuss mobile security risk management, the importance of incident reporting and the future of software-defined data centers.

The state of mobile computing risk management

Enterprise Strategy Group senior analyst, Jon Oltsik, says that mobile computing risk management is something that CISOs should be concerned with. Oltsik cites ESG research that pinpoints data, application and a strong organizational model as key vectors to securing mobile devices. When it comes to data protection, ESG research shows that 43% of respondents were concerned about protecting data confidentiality and integrity when sensitive data is accessed by a mobile device over the network. At the same time, 42% of enterprise organizations surveyed are developing a "significant amount" of mobile applications and 38% are developing a "modest amount." The worrisome aspect? Oltsik says that fewer than half of these organizations have included best practices for secure application development.

Read more about the ESG state of mobile computing security survey and what Oltsik says needs to be done.

The workforce includes more than millennials

Current Analysis blogger Tim Banting explains that while there is a lot of talk about how to deal with millennials changing the way business gets done in the work environment, it is important to remember that there are three generations that comprise the modern day workforce. Millennials, those who were born in the 1980s; Generation X, those born since 1965; and baby boomers, those born since 1946, are all working together. Banting says that it's important to find ways to collaborate with everyone in the workforce in order to remain productive as well as design and create products that are usable by everyone. After all, he writes, a product that is easy for everyone to use will be more valuable than one that is only understandable to a portion of users.

Read more of what Banting says is necessary to collaborate with all three generations.

Security and the software-defined data center

VirtualizedGeek blogger and analyst Keith Townsend points to an interesting trend about security driving the creation of software-defined data centers (SDDC). Townsend cites the Target breaches as a direct example of a data security issue. The problem, says Townsend, is that the traditional data center model makes it difficult to approach the security issue holistically. Townsend gives two approaches to redefining the data center: either protecting it at the network, where vendors provide the ability to inspect packets and traffic to identify unauthorized access; or protecting it from the host, by tagging and identifying sensitive data. Both approaches, however, have their limitations. One answer, Townsend writes, might come from VMware, whose Goldilocks initiative focuses on using the hypervisor for security controls. Townsend says that VMware is still in the early stages of creating this security option, but it may be on to something really valuable.

Read more about what Townsend says about VMware's 'Goldilocks' security zone.

The importance of incident reporting

PacketPushers analyst Andrew Gallo explains why it is important to create incident reports after an outage occurs. While having the time to write up an incident report is a luxury that most IT shops don't have, it is important to educate the IT community about the incident in question to prevent the same problem from happening twice. Gallo says an incident report should contain the following elements: direct cause, in other words, what lead immediately to the incident; contributing cause, that is, individual causes that would not have led to the problem, but made the situation worse and the root cause, or, the underlying issue that caused the problem. While admitting flaws might be difficult, it's better to share knowledge gained from overcoming a problem than to risk future incidents.

Read Gallo's examples of formalized incident report systems.


This was last published in April 2014

Dig Deeper on Network Security Best Practices and Products

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What do you think are the greatest risks when it comes to mobile computing?
My first concern is secure networks. Everyday you hear about new technology and people seem to love trying to exploit it. Beyond the secure network issue another problem I see is just being in close proximity to others. For example, say you are waiting for a flight at the airport or having a coffee at the local bistro, the person next to you or behind you may be watching your every move. With Google glass, or a smart phone and even security cameras they could record you keying in a password to a site or accessing confidential material. If there is a way to compromise our personal space and privacy the evil of the world will find it.
Thank you ToddN2000! That's a good point about Google glass. Securing the network is difficult as it is, but with new technology coming out all the time it gets overwhelming.