Mobile security in three steps

  • A sound mobile security strategy should integrate existing and mobile-focused solutions.

  • Companies are wise to review existing threats, refresh current solutions, and reinvent strategies within context.

Companies want a silver bullet for mobile security, but security isn’t something that can be handled in just one place, such as the firewall or the Mobile Device Management (MDM) software. Chief Information Officers (CIOs) need to embrace a multi-layered security model that integrates existing solutions with new mobile-focused solutions. A company should look at three areas:

1. Review existing security threats. 

The operating system, version, and patch status of the device are several items that should be checked before a mobile device connects into your network and applications. Virtual Private Network (VPN) access to data will mitigate some but not all of the risks. Enterprise Marketing Management (EMM) software minimizes device level risk and certain application level risks, but IT must be careful to ensure that the EMM software doesn’t provide an onerous security experience.

2. Remediate and refresh existing security solutions. 

Businesses should define degrees of risk and match the security solution to the data’s risk profile. These solutions should secure specific applications and content while separating business data from personal data and applications. Companies also need their security solutions to assist with Wireless Local-Area Network (WLAN) access, device onboarding, device health checks, mobile application distribution, and update management. A company should integrate its existing AAA infrastructure and policy management solutions with its EMM mobile solutions. These solutions should help a company bridge existing identity and network access control solutions and provision personal mobile devices with VPN settings, certificates, and trust details.

3. Reinvent your security strategy with context.

Security policies should use application, user identity, role, content type, time of day, location, device type, and device state to control network access to applications and data. In this phase, companies will also build a strategy for multi-factor authentication. Local area network context and device context (including wearables) will enhance existing authentication solutions.

By considering, checking, and implementing these three main steps, you will help ensure your mobile security 24/7.  Symantec issues a monthly intelligence report, that provides the latest analysis of cyber security threats, trends, and insights on malware, spam, and other potentially harmful business risks. It can be found here.


Maribel Lopez is the CEO and mobile market strategist for Lopez Research, a market research and strategy consulting firm that specializes in communications technologies with a heavy emphasis on the disruptive nature of mobile technologies. AT&T has sponsored this blog post.

Maribel Lopez CEO Lopez Research About Maribel