UK public sector needs to prioritise mobile device security
Only 10% of stolen and lost public service mobile devices are recovered, underlining the need for a mobile-centric, zero-trust model to reduce the risk, says MobileIron
UK government staff lost 508 mobile and laptop devices between January and April 2019, according to freedom of information (FoI) request responses from eight out of nine government departments contacted.
This highlights the fact that mobile device security remains as important as ever for public sector organisations, according to security firm MobileIron, which submitted the FoI request.
Further underlining the importance of mobile device security for the public sector, the FoI responses show that only 10% of devices lost by public sector employees are ever recovered.
With the average enterprise using almost 1,000 cloud-based applications, the security risk presented by the volume of data that might be exposed when a device is lost or stolen becomes clear, MobileIron said.
To reduce the risk of being breached, MobileIron said companies need to implement an “always verify, never trust” approach that establishes complete control over their business data, wherever it lives.
“As the amount of business data that flows across devices, apps, networks and cloud services continues to increase, it is essential that organisations have the right security protocols in place to minimise risk and prevent unauthorised access to sensitive data if a device is lost or stolen. Even one lost or stolen device provides a goldmine of readily accessible and highly critical data to potential fraudsters and hackers,” said David Critchley, MobileIron’s regional director for the UK and Ireland.
“All organisations should move beyond standard password-based security protocols and implement a mobile-centric, zero-trust model. This approach validates the device, establishes user context, checks app authorisation, verifies the network, and detects and remediates threats before granting secure access to a device or user.
“The zero-trust model allows organisations, including government departments, to significantly reduce risk by giving them complete control over their business data – even on lost or stolen devices,” he said.
The concept of the zero-trust approach to security is gaining traction around the globe, partly driven by new data protection legislation such as the EU’s General Data Protection Regulation (GDPR).
However, according to John Kindervag, the originator of the zero-trust concept, some security suppliers are trying to capitalise on the growing interest by using the term zero trust, but applying it inaccurately.
He emphasises that zero trust cannot be achieved overnight and is not about deploying specific security products, but about understanding that trust is a vulnerability.
“The way to achieve zero trust is through zero-trust architectures, where you deploy controls close to the ‘protect surface’ or the specific asset you are protecting. You design the network from the inside-out instead of from the outside-in. It’s about building zero-trust networks around particularly sensitive data or assets,” he told Computer Weekly in a recent interview.