
6 tips for developing a secure mobile strategy


Guest post by Scott Koegler

Developing a secure mobile strategy for a large enterprise is a considerable task for a CIO. You can't lock down a mobile device that's always on the move the way you can protect your enterprise server environment with firewalls.

Each device is a potential security risk, both because of the corporate information it may contain and the privileged access that it may have to a corporate network. Devices are at risk of being lost or stolen, and the data and access to your corporate networks could be used as a gateway for hackers to steal sensitive information from your organization.

HPE Business Insights asked Darren Guccione, CEO and co-founder of Keeper Security, for his assessment of the most pressing issues CIOs must address when developing their enterprise mobile strategy. According to Guccione, a strong security posture includes a combination of the following.

1. Multi-factor authentication

Multi-factor authentication (MFA) is the process by which more than one factor of authentication is used to verify the identity of a user requesting access. Guccione identifies these common factors of authentication:

  • Something you know, such as a password or key
  • Something you own, such as a card, a time-based token generator, or a device to receive SMS messages
  • Something that's part of you, such as a fingerprint, retinal pattern, or (in the near future) other forms of biometrics


A single layer of protection, such as a username and password, is no match for hackers, and it shouldn't be relied upon to secure sensitive data, Guccione says. "A six-character password can be brute-force hacked in seconds. Extend it to eight characters, add upper- and lowercase letters, numbers, and characters, and your password is safe for mere days—or even less—to a well-equipped attacker."

Long passwords are also ineffective at fooling hackers. In what is called a dictionary attack, longer passwords could be compromised in minutes by an attacker using a list of words and popular password combinations. "It's best to have MFA set up on all your online accounts to add extra layers of protection," he says. "It's important, in addition to MFA, to ensure that your passwords are unique, and random, and complex. And the best way to keep unique, random, and complex passwords safe and conveniently available on all your devices is through the use of a password manager."

2. Encryption

Encrypting data at rest can minimize the risk of cached offline apps being susceptible to hackers, Guccione says. He recommends using protocols that implement Advanced Encryption Standard (AES). He also points out that you must understand key length for your selected encryption algorithm, because key length in bits is not always a good indicator of security.

Guccione recommends using Transport Layer Security (TLS), a protocol that ensures privacy between applications and their users over the Internet. This form of encryption "can exponentially increase the amount of time it takes for an attacker to brute-force keys necessary to access your data," Guccione says.

3. Application containers

These create an enterprise workspace for apps on the mobile device and for all of its supported mobile platforms, whether it is corporate-owned or personal, explains Guccione. Users receive access to data and apps with enterprise-grade security and deep integration with user rights management and user authentication built in. "Application containers can help control and contain the damage done if an app is compromised by an attacker," he says. "Containers can also help keep other users secure from external threats by isolating them from other compromised containers."

4. Mobile device management and mobile application management

Mobile device management (MDM) software protects enterprises seeking management of both corporate-owned, personally enabled (COPE) devices and employee-owned devices. According to TechTarget, in the COPE model, mobile devices are issued by employers, but employees enjoy more freedoms with the devices than they did in the past, including texting and tweeting.

"Mobile application management (MAM) allows administrators to monitor and track mobile apps as well as enable, disable, or restrict them according to security policies," Guccione says. "MDM and MAM should install malware protection on the device."

5. Web security protocols

According to an HPE report, 35 percent of applications contained one critical or high-severity vulnerability in 2015. Of these, insecure transport through SSL protocols was among the top vulnerabilities. Designed to replace SSL, TLS is more secure, but because it may not work with some legacy servers, it will revert to SSL to ensure a good user experience. "It is important to note that what is often called SSL today is really two different protocols: SSL and TLS," Guccione says. "All versions of SSL are now considered to be insecure and should never be deployed or used for any secure communication channel."
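One way a client can refuse the fallback described above, shown with Python's standard `ssl` module as an added example that is not part of the original post. The TLS 1.2 floor and the helper names `strict_client_context`, `legacy_client_context` and `audit_context` are assumptions chosen for this illustration.

```python
import ssl

def strict_client_context() -> ssl.SSLContext:
    """Client settings that fail the handshake instead of downgrading."""
    ctx = ssl.create_default_context()            # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed floor: no SSL, no early TLS
    return ctx

def legacy_client_context() -> ssl.SSLContext:
    """The weak counterpart: accepts whatever protocol the library still offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for settings that permit downgrade or interception."""
    findings = []
    # MINIMUM_SUPPORTED is a negative sentinel, so it also compares below TLSv1_2.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol below TLS 1.2: fallback to legacy versions possible")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    return findings

if __name__ == "__main__":
    for name, ctx in (("strict", strict_client_context()),
                      ("legacy", legacy_client_context())):
        print(name, audit_context(ctx) or "no findings")
```

With the strict context, a connection to a server that only offers older protocol versions ends in a handshake error rather than a silently weaker session.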

6. Review and renew

Once decisions have been made that work for your enterprise security needs, review to make sure all bases are covered and operational, or take another pass with a renewed idea of your highest priorities. It's not too late to review the existing set of protections and take additional actions where necessary.

For more on developing your mobile strategy, read the HPE brochure "Enable workplace productivity."
