Mobile security and consumerisation of IT set to tax CSOs
Industry experts at the Forrester Security Forum EMEA outline key challenges to enterprise security
Mobile devices and integration with consumer technology will represent key challenges to enterprise security in the future, and firms must demand more from their security providers if they are to ensure they are adequately protected, according to industry experts presenting at the first annual Forrester Security Forum EMEA in Amsterdam this week.
BP’s chief information security officer, Paul Dorey, argued that as consumer technology becomes ubiquitous, corporates will need to find ways of enabling their staff’s personal devices to connect securely to their systems, rather than force workers to use enterprise kit.
“When this technology becomes part of their life why make them carry more than one device?” Dorey added. “Soon we’ll recruit people into companies who will turn up with their digital technology of choice asking how they connect with [their firm’s] technology.”
Dorey also argued that in order to adapt to today’s perimeterless corporate IT environment, firms must move towards sourcing their security from service providers who offer services in the cloud.
“But if service providers are providing the technology to run your systems, you must know what level of trust you have,” Dorey explained. “At BP we state in their contracts that they must achieve certain criteria. We put them through our test labs and if [the solution] fails we take it back.”
Meanwhile, Forrester senior analyst Thomas Raschke encouraged chief security officers to include mobile devices in their security policies, despite admitting that mobile viruses are currently only at the proof-of-concept stage.
“The devices are getting smaller and more powerful so security managers are often not aware what devices are being brought into the enterprise, let alone what’s stored on them,” Raschke said.
Kevin Kealy of telecoms giant AT&T echoed these concerns, explaining that something as straightforward as Bluetooth security is often overlooked by enterprise staff. While Bluetooth 2.0 offers greater assurances of security, the original version needs to be completely switched off and not just put in “undiscoverable mode”, in order to mitigate the risk of being hacked, he added.