As mobile and cloud dominate the future of the enterprise, security and accountability are falling through the cracks.
In the days of well-defined network perimeters, enterprises shouldered the burden of data security. As the clear owner of the network, the network traffic, the devices and the data, businesses had to be accountable.
Fast forward to today's mobile landscape filled with cloud-based applications and bring-your-own-device (BYOD) policies, and that ownership is fragmented across multiple parties. Enterprises own the apps and the data, employees own the device and cellular carriers own the network traffic. But who owns security?
With the introduction of ApplePay combined with the development of more enterprise applications, this accountability gap is increasingly problematic. Smartphones are becoming the home of both personal identity and corporate data access, making them a tempting target for hackers. Consider smartphones as the central interface for the Internet of Things (IoT) and you have a device that people can use to spend money, unlock doors, start their car and control security systems. Yikes.
So what do we do? Traditional security architectures are predicated on the idea of a single owner, meaning today's tools do a mediocre job detecting network-based attacks or host-based attacks, but not both. To correct the liabilities of current models, businesses must focus on securing mobile at the device level.
Device-level security measures would enable enterprises to provide protection even when the device is not connected to a corporate, cellular, home or public Wi-Fi network. At the same time, enterprises must also impose strict BYOD policies that secure the device and keep the enterprise safe, while balancing employee privacy and device performance.
It is a matter of when not if mobile attacks surpass traditional security attacks in the enterprise. For security in a BYOD environment to have a chance, enterprises must step up and fill the accountability gap.