Mobile Security: Why You Need to Go Beyond the Basics
used with the permission from Symantec
Just how quickly are enterprises adopting mobile applications?
Very, very quickly.
According to one recent survey, as many as 71% of organizations are using or planning to use custom mobile applications.
“We have reached a tipping point in the business use of mobile devices,” concludes Symantec in a 2012 State of Mobility Survey. “Most organizations are making line-of-business applications available [to mobile devices].”
The reasons for this, of course, are clear: Businesses want to improve agility, increase workplace effectiveness, and take less time to accomplish business-critical tasks.
But there is a price to pay. Survey respondents said they are keenly aware of the potential risks mobility can pose, ranking mobile devices as one of their top three IT risks. Specifically, they’re worried about losing devices, data loss, and malware infecting the corporate network through smartphones and tablets.
Continue reading to learn how this mobility tipping point is affecting IT and what steps organizations need to take to improve the effectiveness of their mobile initiatives.
Mobile devices now considered critical business tools
The State of Mobility Survey underscores just how rapidly mobility has gone “mainstream.” For example, it wasn’t long ago that organizations routinely banned mobile devices from the corporate network or restricted them to accessing email. Today, nearly 60% of organizations are making line-of-business applications accessible from mobile devices. And nearly three-quarters (71%) of them are even looking into implementing a corporate “store” to distribute their mobile applications.
At the same time, the survey found that mobile initiatives have a significant impact on IT resources. Nearly half of the organizations surveyed (48%) see mobile computing as “somewhat to extremely challenging,” adding that their top priorities are security, backup, and dealing with lost or stolen devices. On average, nearly one-third of the IT staff (31%) is involved in some way with mobile computing.
While IT organizations recognize that mobile adoption is not without risks, fewer than half of the respondents have implemented such security measures as antivirus software and remote disabling of devices.
That could pose a serious problem, particularly as cybercriminals are now turning their full attention to mobile technology. The recent increase in mobile malware—especially that targeting the Android platform—is most likely only the beginning of the story.
Case in point: A recent research report from Symantec, “Motivations of Recent Android Malware,” sheds light on the current monetization schemes behind the growing wave of malware focusing on this new mobile computing platform. The report suggests that the Android’s open platform and surging popularity provide attackers with more than ample motivation to concoct increasingly sophisticated revenue-generating schemes.
Regardless of the operating system they deploy, organizations large and small are seeing damages mount due to mobility-related security issues, according to the State of Mobility Survey. Over the last 12 months, mobile incidents for enterprises—including data loss, damage to the brand, productivity loss, and loss of customer trust—averaged $429,000.
Despite these very real losses, most organizations still feel that mobility continues to be worth the challenges and risks involved. Nearly three-quarters (71%) said they at least break even when it comes to risks versus rewards.
Don’t choose between productivity and security
The dramatic shift in the nature of mobility, from being an email extension to a core business enabler, means that enterprises must begin thinking beyond the simple case of lost or stolen mobile phones. Symantec recommends the following steps:
- Enable broadly. Plan for line-of-business applications that have mainstream use. Employees will use mobile devices for business one way or another—make it on your terms.
- Think strategically. Think beyond email. Explore all the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated.
- Manage efficiently. Mobile devices are endpoints that require the same attention given to PCs and laptops. The management of mobile devices should therefore be integrated into your overall IT management framework and administered the same way. Don’t treat mobile applications as a separate “silo.”
- Enforce appropriately. You need to enforce acceptable usage policies that accommodate both corporate-owned and privately owned devices. Plan for this legally, operationally, and culturally.
- Secure comprehensively. Look beyond basic password, “wipe,” and application-blocking policies. Focus on the information and where it is viewed, transmitted, and stored. Integrate with your existing data loss prevention, encryption, and authentication policies.
Symantec advances enterprise mobility strategy
Symantec recently announced several advances in core areas of its enterprise mobility strategy, with enhancements specifically for the Android, iOS, and Windows Phone 7 platforms. Symantec’s mobility strategy addresses enterprises’ concerns by stressing the application of corporate security policies uniformly on all mobile devices, endpoints, and applications. The aim is to help organizations secure mobile data and enable business productivity for both corporate-managed and personally owned, unmanaged devices. This enhanced support is intended to give enterprises the visibility and control they need to confidently embrace the proliferation of mobile devices.
Conclusion
A tipping point has been reached in the business use of mobile devices. That’s why it’s more important than ever that the hundreds of millions of employees throughout the world who use mobile devices such as smartphones to access corporate information do so securely. Organizations that want to realize the competitive advantages offered by mobile computing need to apply corporate security policies uniformly on all mobile devices, endpoints, and applications.