Now that so many people and enterprises have rushed headlong into mobile, cloud, or both, it’s time to take a step back and consider your security posture for each of them. It’s an unfortunate fact that when cloud and mobile are used together, their security risks are not just additive, but multiplicative.
Mobile software and devices are already targets for malware, a problem compounded by the naivety of end-users when downloading apps and the lack of discipline in keeping mobile antivirus software up to date.
Cloud databases in an environment of shared access and multitenancy are also attractive to hackers. How should organisations deal with such threats?
In the same way that mobile and cloud computing pose a new level of threat when used together, the security response should be holistic and address both areas simultaneously.
Trying to portion the two areas out to separate entities for treatment is only likely to incur further risk. Instead, the critical areas of authentication, authorisation, and auditing (AAA), as well as data confidentiality, integrity, and availability (CIA), must be handled top-down for both: define the security objectives of the organisation, then develop a strategy and actions to suit.
As mobile and cloud computing are also evolving rapidly, the holistic approach that covers both must also be flexible to prepare for new types and variations of threats.
Data governance will increase in importance, defining who should access which data and for what reason, with IT security then building, maintaining, and upgrading the corresponding security framework. Business objectives and regulatory obligations will also need to be handled in parallel, so that the most appropriate trade-offs can be made to keep the organisation productive and compliant.
At the same time, organisations should not lose sight of the sizable advantages of using mobile and cloud solutions, which provide significant motivation for getting combined security right from now onwards.