Chapter 11. Information Security Management of Enterprises Using Mobile Technologies
11.1. Ways of protecting information
The widespread use of mobile devices and cloud computing technology places increased demands on the security of mobile and remote telecommunications, the preservation and protection of corporate data, including the unauthorized distribution of this information. When using cloud computing technology by model on remote servers and the data center of the provider, critical information for the enterprise is stored, for example, a financial report. Many managers duplicate it on their personal mobile computing devices, which reduces the level of information security of the enterprise. In this case, it is necessary to provide measures to protect or destroy this data when a mobile device is lost or stolen. The transfer of information over unprotected channels of communication can also lead to disastrous consequences.
According to the data provided by Kaspersky Lab, in 2011 there was a further increase in threats to information security for owners of both personal and corporate mobile devices. Analysts of this company note the low level of information security of corporate users, even in cases of not the most complex attacks. The number of dangerous programs in 2011 was 4 times higher than in the previous seven years, and the programs themselves have become more sophisticated and more complex. A particular danger is represented by malicious programs for devices based on the Android operating system.
According to "Kaspersky Lab", only for the first three quarters of 2011 the number of "malware" for mobile devices based on the Android OS came close to 650. Along with SMS-Trojan programs, DDoS attacks are a particular danger for corporate users. Both their number and power have increased. According to the company, "the main risk group in our country will be the companies of the oil and gas industry, energy, as well as the sectors of heavy engineering, engineering and mining."
Mobile means are often used outside the controlled area of corporate communications. They are objects of theft and infection by malicious programs for the purpose of stealing money or valuable information, hacker attacks aimed at causing economic or moral damage to the company. To protect against these threats, there are not enough anti-virus programs installed on mobile devices. Secure only the complex enterprise-class information security system.
One of the solutions to protect the traffic of mobile devices is the service provider "Mobile VPN". In this case, all traffic of mobile devices is transmitted through closed channels of the communication operator and does not enter the Internet, which eliminates the risk of interception by the attackers.
For mobile users, information security is provided by:
- ready-made solutions that are installed on a mobile device to limit the possibility of information leakage
- means that provide a secure interaction between employees and the company's office;
- the means to implement a virtual workstation on a mobile terminal with the ability to centrally manage its security;
- effective use of already existing certified means of protection.
As the answer to serious and well-grounded concerns about the safety of mobile devices, the first new security technologies have appeared, and the comprehensive protection of the entire perimeter of the information infrastructure, taking into account mobility, will become the norm for United States business by 2014-2015.