Security Vs. Convenience – navigating the mobile world

May 2021

Mobile is the technology that empowers employees to work wherever and whenever they want.

The emergence of COVID vaccines has offered the UK light at the end of the tunnel. However, even with an increasingly vaccinated workforce, it remains unlikely that we will witness a rush back to the office environment, the ‘old normal’. As the world of enterprise gets to grips with the fact that a degree of remote working will become permanent for many employees, many are reconsidering their approach to mobile.

Mobile is the technology that empowers employees to work wherever and whenever they want. But to make ‘mobile’ work, organisations need to seamlessly provide secure access to business critical resources, or reset an Active Directory password for example.When you can remove all dependencies on computers, you can become truly mobile. And whilst personal, or personally enabled, devices are increasingly permitted into the work environment, it will further serve to emphasise the ‘security vs convenience’ conundrum.

A zero trust approach

Enterprises are moving to a ‘zero trust’ approach which places greater importance on identifying the real-time health of a user’s device and the ability to provide conditional access to corporate data as a result. Zero trust security is all about eliminating implicit trust. Effectively it is an interrogation of trust within networks or the trust between host and applications. Boiled down, zero trust implies that the best way to secure a network is to assume no level of trust whatsoever. Employing a zero-trust model supposes that no single person is able to solely execute any sort of change to the system that could affect the security of the system. One way to make this happen is to embrace a ‘zero touch’ mentality whereby human vulnerabilities are effectively replaced by automation. In all things ‘security’, humans are invariably the weakest point in any chain. To mitigate human error, adopt single sign-on solutions and strengthen security controls that oversee how and where employees get access to specific data.

Mobile EDR

In the face of the continued publicity around sophisticated long-term and state sponsored attacks, enterprises are placing greater emphasis on the need for visibility and the ability to respond. And with increased usage of mobiles, this has led to a requirement for mobile endpoint detection and response (EDR). Mobile EDR allows for threat hunting, detection and response across managed and unmanaged devices.

Mobile devices have created a major gap in security architecture. The issue is that many organisations still consider smartphones and other devices as an afterthought in their overall security strategy. Many assume (incorrectly) that mobile devices are free from security risks or that mobile device management (MDM) solutions provide adequate protection. The reality is that most employees now use at least one mobile device for work. And just because these modern operating systems can defend against more traditional attacks doesn’t mean they are inherently secure. Such devices are still vulnerable to malicious code and, due to their small form factor and personal nature, they are also very vulnerable to phishing and social engineering attacks.

Passwords

A login must be secure. However, having to constantly enter credentials and remember complex passwords is annoying and can impact the user experience (UX) negatively. To enter a truly secure password on your smartphone takes at least 14 seconds according to the National Institute of Standards and Technology. And it’s a headache for helpdesks too – whichever process an organisation uses to reset passwords, it can be a laborious process. For example, there will be an initial contact with the helpdesk, the generation of a support ticket and finally the password reset. And let’s not forget that downtime during this waiting period equals unproductive employees; not ideal if the employee in question is a key individual within the business. Want an idea on how much this could add up to for your organisation? This handy tool can give you an idea.

Also, prolonged waiting time serves to drive down overall customer experience and satisfaction. Your business can do without the negative UX associated with password downtime. If your employees are able to log in quickly and without issue then they are better placed to offer excellent customer service. Consider adopting single sign-on solutions that allow for seamless security along with instant authentication.

As we wait to see what a post-vaccinated working world actually ends up looking like, it seems likely that remote working will become permanent for many employees. And for many others, this style of working will form part of their routine alongside office work. Mobile phone and smart device technology needs to support this environment whilst maintaining a healthy balance between security and convenience.