Security Theater is defined as “the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to actually achieve it.” (Source: Wikipedia).
Many organizations roll out so-called security policies and solutions aimed at securing their apps, data, networks and, increasingly, employee-owned mobile devices.
In reality, however, these measures do little more than give the impression of security.
Having said that, the simple impression of security can be enough to deter intent to unlawfully tamper with data or apps.
Specifically for mobile security, IT and Security departments have been implementing expensive Mobile Device Management (MDM) solutions, while what really needs to be secured is not the device: it’s the app and the data.
Trying to manage the device could be a lost battle – what with the proliferation of device types, operating systems, versions and so on.
It is just another burden on an already stretched IT team, especially as the rate of evolution of new threats and device vulnerabilities continues to escalate.
Instead, focus on the important entities: apps and data.
- Focusing on the apps and the data allows the enterprise to home in on what it really cares about, and that’s where security measures should be applied.
- Apply security and monitoring controls to the applications and their data.
- Consider using your own app store to distribute your enterprise apps, as well as revamped, secured third-party apps, to your employees.
- Continually monitor the apps to prevent security vulnerabilities that might arise.
Not only will focusing on the apps and data prevent expensive security theater implementations, it will also apply your enterprise’s resources where they matter the most and give you a much higher chance of succeeding in securing your digital assets.