Getting a clear understanding of mobile security in the enterprise is like trying to grab a greased pig: the details are slippery and constantly moving.
A new survey by NetEnrich shows that four in 10 North American companies have suffered a mobile device security breach or attack in the past three years that cost the company between $50,000 and $100,000. The biggest causes cited were malware apps and the insecurity of the public cloud, according to the survey of 150 IT professionals.
“The reality is enterprise mobile security is a moving target, for which companies and IT professionals must be adjusting constantly,” says Raju Chekuri, president and CEO of NetEnrich. “A policy that works today may not work next year – let alone two to three years from now.”
Educating employees on the importance of mobile device security is also a challenge for technologists. The survey showed more than half had difficulty getting employee buy-in on company mobile device policies.
Goode Intelligence, a global mobile security consulting firm, has listed the top five enterprise mobile security concerns as:
1. Device loss
2. Application security
3. Device data leakage
4. Malware attacks
5. Device theft
The company has been following mobile security since 2007 and has seen many changes over that time. A lingering issue is the prevalence of BYOD policies that take device choice away from companies. The counterpoint is that workers are accustomed to their own devices, so they will be more productive and will not have to lug around multiple devices.
Although the lines between work life and home life cannot get any fuzzier than they are currently for a majority of workers, choice definitely is important.
In the same article, Goode Intelligence says that next-generation mobile security solutions should have these characteristics:
1. Focus on users
2. Agile Multi-Factor Authentication
3. Mobile Single-Sign-On (SSO)
4. Protect Data
5. Simplified Unified Security
Although every company should be taking mobile device security seriously, the issue is of critical importance in regulated industries such as healthcare, finance and insurance. You need to take both a long view of mobile security and a close-up look at the same time.
At the 30,000-foot level, look at your mobile device policies, the apps you are using and those in development. Have they been developed with the seemingly incongruent demands of being easy to use while protecting data firmly in mind? What policies and procedures does your company have in place to safeguard mobile devices and data? Does your company support BYOD?
Looking more closely, what devices and platforms are your workers using? What changes can you make in app development to keep data safe?
Unfortunately, many companies develop applications without thinking about security, focusing entirely on the business and application features. Discussions about security occur only at deployment, when the app is nearly ready to launch. That is really too late: for security to be effective, it needs to be considered from the very beginning, during the design and development of the app.
Companies then figure that serving the application over SSL/HTTPS or placing it behind a firewall will compensate for the lack of security in the app itself. In reality, these add-ons were never designed to provide primary app or software security; they are intended as secondary security.
The issue of enterprise mobile device security isn’t going away. Would you rather chase the greased pig around, hoping for the best, or do you want to develop a plan that breaks challenges and opportunities down into manageable segments and puts security at the forefront of your plans?