New RSA Research Tackles Mounting Risks from Mobile Devices in the Enterprise

LONDON, Oct. 9, 2012 /PRNewswire/ -- RSA CONFERENCE EUROPE 2012 --

News Summary:

• Security for Business Innovation Council (SBIC) report features recommendations for managing mobile devices in the enterprise from 19 global security thought leaders
• Recommendations outline how organizations can leverage the power of mobile devices, while also managing associated risks

Full Story:

RSA, The Security Division of EMC (NYSE: EMC), released a new research report today from the Security for Business Innovation Council (SBIC) that addresses the continued surge of consumer mobile devices in the enterprise and shares security leaders' insights on how to manage the fast-changing mobility risks while maximizing business opportunities.  Mobile threats are developing quickly and technologies keep shifting creating new security holes.  As more and more consumer devices access corporate networks and store corporate data, potentially devastating consequences range from the loss or leakage of valuable intellectual property to brand damage if fraudulent access results in a high-profile security breach. The Council consensus is that the time is now for enterprises to integrate risk management into their mobile vision. The potential benefits include increased agility, improved productivity, faster sales, and reduced costs. Capitalizing on the business opportunities of mobile computing is only possible if enterprises know the risks and how to manage them. 

The Security for Business Innovation Council's latest report, titled "Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices," is derived from the expertise and real-world experiences of 19 security leaders, who represent some of the world's most forward-thinking security organizations. 

The report identifies today's major sources of risk for the mobile enterprise and the outlook for the near future. It also answers critical questions such as:

• What are the most important mobile policy decisions and who should make them?
• How do you mitigate risks such as lost or stolen devices?
• What should be included in a "Bring Your Own Device (BYOD)" agreement?
• Why or why not use a mobile device management (MDM) solution?
• What are the requirements for designing secure mobile apps?

In the report, the Council presents five strategies for building effective, adaptable mobile programs:

1. Establish mobile governance – Organizations should engage cross-functional teams to set clear ground rules. Every mobile project should start by defining business goals, including expectations of cost savings or revenue generation, and by establishing the level of risk that the organization is willing to accept to achieve those goals.
2. Create an action plan for the near-term – Mobile security technologies are fast-moving and, in many cases, too nascent to allow organizations to make long-term mobile security investments. The Council lays out several stop gap measures and key steps to take over the next 12-18 months.
3. Build core competencies in mobile app security – Knowing how to design mobile apps in a way that protects corporate data is absolutely critical, yet many information security teams do not have the necessary level of expertise. The Council emphasizes it's not just about bolting on security, but requires a careful examination of the app's overall functionality and architecture, and they provide key design criteria.  
4. Integrate mobility into long-term vision – Numerous trends are affecting long-term risk management planning. Organizations need to update their approach to security including risk-based, adaptive authentication; network segmentation; data-centric security controls; and cloud-based gateways.
5. Expand mobile situational awareness – Corporate security teams should deepen and continually refresh their understanding of the mobile ecosystem.

Executive Quotes:

Art Coviello, Executive Vice President, EMC, Executive Chairman, RSA

"With the prevalence of mobile devices and applications, organizations have huge opportunities to create business value, but the accompanying risks are equally huge.  This new report from the Security for Business Innovation Council provides strategic guidance that helps organizations not only reduce their mobile liabilities but also foster mobile  programs that enable them to realize the full benefits of the mobile enterprise."

William Boni, Chief Information Security Officer, VP Enterprise Information Security, T-Mobile USA

"Similar to PCs, with mobile computing we'll see a largely consumer phenomenon evolve into a comprehensive enterprise framework which allows sufficient security over data. It has to evolve fast.  But will it be fast enough? We're in an arms race between malicious exploitation and security protection."

About the Security for Business Innovation Council

The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security's central role in enabling business innovation.

Contributors to this report include 19 security leaders from some of the largest global enterprises:

Additional Resources:

• Download the Security for Business Innovation Council Report
• Watch Videos  SBIC Members Discuss Latest Mobile Report
• Download SBIC Report Synopsis
• RSA Blog: Mobile Risk and the Enterprise – By Chris Corde, RSA Director of Corporate Strategy
• Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk, and compliance- management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, and Fraud Protection with industry-leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.EMC.com/RSA.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.

SOURCE EMC Corporation