Mobile security and operations continues to be one of the hottest topics for organizations across industries. Mobility holds the promise of fostering new innovations, reaching new audiences and, most importantly, creating never-before-seen user experiences and business opportunities. For example, productivity gains brought on by “anytime”, “anywhere”, “any device” access are already revolutionalizing customer service, collaboration, and supply chain management, and many other aspects of business processes.
But delivering what mobile promises in a secure and safe way is a difficult proposition today. The mobile technology ecosystem is changing a million miles a minute: many technologies are still maturing, which led to a fragmented and semi-technology market. As a result, Security & Risk (S&R) and Infrastructure & Operations (I&O) professionals struggle to enforce consistent IT security and operations policies in this new environment where mobile devices have become the norm and customers and employees alike have come to expect certain business functions delivered over the mobile channel, regardless of the risk.
The Mobile Security & Operations Playbook contains content designed specifically for IT security and operations professionals to address these challenges. The playbook covers four key strategy aspects: 1) Discover: articulate the value of mobile security and operations in business terms; 2) Plan: set the strategy for mobile security operations; 3) Act: execute the strategy; and 4) Optimize: measure and optimize mobile security operations. To see a high level overview of the playbook, download the executive overview report.
It’s common knowledge that the security landscape has shifted over the past few years and the once-strong perimeters that CISOs relied upon have become stretched, fragmented, and overrun by increasingly mature attackers. There are many reasons for this change — from the increasing value of intellectual property and ideas to the business’ desire for agility and flexibility— but it comes down to the fact that the technology controls that CISOs are so used to deploying simply can’t stay ahead of the threats.
Increasingly, Security & Risk (S&R) Professionals are being asked not only to protect the organization from hackers but also to protect their organization’s brand and competitive advantage whilst enabling efficient and agile business processes. In this environment, we need to realize that technology is just one piece of an increasingly complex puzzle, and it’s a puzzle we have to solve without ever saying “no.” As one security expert Forrester interviewed put it, the right question is “How do I make sure this boat doesn’t crash?”; it isn’t, “How do I make sure this boat doesn’t even reach the ocean?”
It’s essential that CISOs shift their focus beyond technology to the wider spectrum of responsibilities that comprise an effective security practice. By redefining the situation and evolving their role, S&R professionals can:
Steve Jobs by Walter Isaacson is a very readable and honest portrayal of one of the most influential personalities in the computer industry from 1980 to the present. Often caustic, abrupt, and driven, Steve Jobs was a man of extreme brilliance who could intuitively understand what makes a great product. His marketing and design shrewdness were without peer. Jobs had his share of failures and more than his share of successes. Apple II, Macintosh, iMac, iPod, iPhone, and all iPad reflect Jobs' ability to orchestrate human capital to create truly innovative products.
A subtext of the book, and not directly called out, however, is Jobs' awareness of the value of intellectual property and the need to secure this. Jobs shows concern for the security of Apple’s intellectual property and goes to great lengths to ensure that security. For example, he imposed strong controls on the design area where the Apple design team works:
“The design studio where Jony Ive reigns, on the ground floor of Two Infinite Loop on the Apple campus, is shielded by tinted windows and a heavy clad, locked door. Just inside is a glass-booth reception desk where two assistants guard access. Even high-level Apple employees are not allowed in without special permission.”
--Isaacson, Walter, Steve Jobs, p. 345, Simon & Schuster, Inc. Kindle Edition.
However, the contribution Jobs makes to information security is an indirect one. This contribution is the recognition that the true value of Apple’s products is in the design. It is not in the physical assets themselves. The idea and its associated intellectual property is the true tangible asset.