What CSOs must know about security breaches that come through mobile devices including tablets and smartphone
Fixmo Inc. is the mobile risk management company that helps organizations identify, mitigate and manage the risks associated with mobile devices in the workplace. The company’s MRM solutions enable protected and compliant mobile computing, helping organizations embrace a wide range of mobile devices and applications while maintaining system integrity, protecting confidential data and proving regulatory compliance. Fixmo’s MRM technology has been developed as part of a Co-operative Research and Development Agreement (CRADA) with the U.S. National Security Agency (NSA). Fixmo is headquartered in Sterling, Virginia and Toronto, Canada (http://fixmo.com).
Info Security PG: Why are organizations unable to handle security breaches that come through numerous mobile devices including tablets and smartphone?
Rick Segal: The biggest issue today is that IT organizations have little-to-no visibility into what is actually happening on these devices. The majority of smartphones and tablets used in a business environment are now used for personal apps and services as well, and many of them are owned by the individual employees, rather than the company. This is a dramatic shift from the traditional ‘command-and-control’ world that most IT professionals have grown up in where a device was purchased, provisioned and highly controlled by the IT department. In this new era, it is becoming virtually impossible to tell employees that they can’t download personal apps, use the built-in camera, or access their personal email on the same device that they use for sensitive business apps. But as a result, the IT department has little control or visibility into what kind of third party services are ending up on these devices, nor where their private corporate data is ending up. There is rapidly growing demand for solutions that can enable IT to gain back control over THEIR business data and apps without impacting the personal side of the device.
About Rick Segal
Rick Segal, Fixmo’s CEO, co-founded the company in 2009. Segal began developing Fixmo Sentinel under a cooperative research and development agreement (CRADA) with the National Security Agency . He has since grown the company into an international business, fueled by his passion for startups, combined with years of experience with Blackberry users as a partner in the Blackberry Partners Fund.. Before founding Fixmo, Segal was a partner at JLA Ventures, a large Canadian Venture Capital fund. Segal has authored four books on Network Management and Windows software development.
Info Security PG: What do Mobile Risk Management (MRM) solutions actually do? Which types of organizations need such solutions?
Rick Segal: Mobile risk management (MRM) is an emerging category of technologies that empower organizations to identify, mitigate and manage the risks associated with mobile devices. MRM helps organizations go beyond traditional MDM practices, which have primarily relied on risk avoidance or control tactics, to help them protect corporate data and ensuring regulatory compliance. Achieving the right balance of device management, risk mitigation and compliance assurance while maximizing device utility and user acceptance requires a thoughtful and integrated approach to MRM.
MRM helps organizations assess their risk profile, determine their own acceptable level of risk, and deploy the tools they need to help them protect their assets, monitor integrity, mitigate their risks and stay within their compliance requirements. MRM focuses on mitigating the risks exposed by allowing mobile devices to access private networks and store confidential or personal data - namely the threats of private data loss and leakage, security breaches, identity theft, fraud and cyber attacks.
For government agencies and regulated industries, maintaining and proving regulatory compliance can be a daunting task as more and more mobile devices are introduced into their IT environments. In many cases, the risks associated with non-compliance, or simply the failure to prove compliance, can result in being sued, fined or even shut down. MRM solutions strive to address these types of risks as they pertain to using mobile devices.
Info Security PG: What are the unique requirements of securing government technology and how does Fixmo meet them?
Rick Segal: Government and Defense agencies have to strike a delicate balance. They are looking to take full advantage of the latest commercial-grade smartphones and tablets, but are not willing to sacrifice government-grade security or compliance. But this is not an easy task, and no one wants to be on the front page of the Wall Street Journal as the result of a data leak from an iPad.
Fixmo offers a number of solutions that help these agencies embrace the latest iOS and Android devices – and even the ‘bring-your-own-device’ (BYOD) approach – without compromising security, integrity or compliance. Fixmo Sentinel is the leading device integrity verification technology for government. It monitors the state of mobile devices in the field to proactively detect system-level or application-level changes that may indicate a policy violation, the presence of unverified or disallowed third party software, or other potential risks to the integrity of the device. It monitors compliance and provides complete audit reports that prove the current state of your environment. Fixmo also provides the Fixmo SafeZone secure workspace that keeps all business-related email, browsing, documents and applications encrypted, policy controlled and completely contained from the personal side of the device. Through this technology, they can ensure that all private data remains within security compliance standards no matter which iOS or Android device the employee chooses to use, while also ensuring the business side of the device stays completely protected from the personal side. Ultimately, we are helping them deliver defense-grade mobile computing on consumer-grade devices.
Info Security PG: What do you think about government efforts to add more regulation to security on the Internet? Has this worked already in other countries?
Rick Segal: I think there needs to be more accountability and regulation, unfortunately efforts in many countries like the US, UK and Australia have been misdirected (mainly focused on protecting copyright holders or protecting children but doing so in a draconian or lip service type manner).
I haven’t seen this work well but I think people and governments should keep trying especially in making organizations that have been subject to security breaches being transparent around those breaches to their end users.
Company: Fixmo 15 Toronto Street, Suite 1100, Toronto, ON, Canada, M5C 2E3
Founded in: 2009 CEO: Rick Segal Public or Private: Private Head Office in Country: United States Products: Fixmo's Mobile Security and Mobile Risk Management (MRM) solutions help organizations secure their mobile devices, protect their corporate data, maintain policy compliance and prove it in an auditable fashion - all while empowering employees with all of the business apps and data they need on their devices of choice. Company's Goals: Develop solutions which allow enterprises and government agencies to identify, mitigate and manage risk; to ensure confidence in enabling the full potential of mobility.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN