By: siyer@zscaler.com

Mobile Security Is Not Black and White (listing)

Last week, Zscaler announced its Mobile Security Solution, so I wanted to continue to focus on mobile security this week.

Increasingly, information security teams are being tasked with securing mobile devices and mitigating the risk of third-party applications...

Last week, Zscaler announced its Mobile Security Solution, so I wanted to continue to focus on mobile security this week.

Increasingly, information security teams are being tasked with securing mobile devices and mitigating the risk of third-party applications accessing and sharing personal information on their employees’ devices. As a result, information security teams continue to look for scalable and efficient ways to manage mobility and the risks

Enterprises continue to look for scalable and efficient ways to manage mobility and the risks of publicly available 3rd party apps on their employees' devices. Restricting app usage by specifying blacklists and whitelists provides a coarse-grained control attempting to manage the risks. However, administrators cannot be expected to keep up with malicious or risky apps fast enough to keep the blacklist up-to-date. Also, restricting employees to run a small set of whitelisted apps severely impacts user productivity, and is especially infeasible to implement on employee-owned (BYOD) devices. Besides, bad apps often masquerade as well-known apps, especially paid ones, to attract unsuspecting users.

Enterprises should look to find solutions that take actions based on the behavior of apps over the network rather than simply their names. Apps exhibiting risky, suspicious or malicious behavior can be identified by inspecting network traffic and should be appropriately curbed from leaking sensitive data. Network-based and cloud-based traffic inspection technologies scale more efficiently than blacklisting and whitelisting apps by name.

Learn more about Zscaler.