Mobile devices have changed the way business is conducted, giving enterprises and employees flexibility to stay connected, whether in the office or on the road. As mobile devices continue to play a greater role in enterprises, greater amounts of data will flow through these devices and applications. As a result, we can expect a surge in mobile traffic over the next few years. In fact, Cisco's Visual Networking Index anticipates that mobile traffic will grow at a compound annual growth rate (CAGR) of 47 percent between 2016 and 2021.
The ever-increasing use of mobile devices expands the corporate attack surface and creates serious security risks, privacy concerns and vulnerabilities, which malicious actors can exploit to steal sensitive and personal information and impersonate unknowing victims. As the use of mobile devices and applications continues to grow, the rate and sophistication of attacks on popular mobile platforms also grow, and the need for mobile authentication becomes more pressing.
Mobile devices and mobile applications are becoming more dangerous threat vectors against the corporate network. Indeed, the number of mobile threats is increasing. Kaspersky mobile products and technologies detected in 2019:
To counter these threats, enterprises are turning to certificates to secure mobile devices, applications, and users. Digital certificates authenticate mobile users to applications, VPNs, and WiFi networks. However, many organizations have little to no control over or visibility into their mobile certificate inventory, and they’re unaware of which mobile certificates their users have access to. This lack of visibility results in a lack of control, which means that organizations cannot fully control the access granted by certificates, risking unauthorized access.
A number of security risks, from misused or orphaned mobile VPN certificates to unauthorized access by terminated employees or contractors, can be easily exploited. Plus, with several different IT teams managing different parts of the mobility stack, there may often be gaps in management and security that can be exploited. These gaps will hamper your ability to detect misuse, especially if you are not equipped to detect mobile certificate anomalies, including incorrectly issued certificates. Cybercriminals take advantage of mobile certificates to pose as trusted users, thereby infiltrating your network and stealing intellectual property.
Remember that mobile certificates issued to users serve as trusted credentials for secure access to your critical networks, applications, and data. So the biggest threat to your enterprise isn’t necessarily the mobile malware, but rather the unauthorized users who may access your information.
As mobile devices continue to become more prevalent, it is important for you to take a strategic approach to securing your organization’s mobile device certificates. Following these 5 steps will help you to avoid misuse of these certificates and protect your organization against trust-based attacks that use mobile devices as an attack vector. But you don’t have to do it alone. Venafi offers a solution that can help you develop an approach to securing your mobile certificates.
This blog was originally posted by Patriz Regalado on May 27, 2014.