Skip to main content

Technology in the hands of businessmen

Getting a clear understanding on mobile security in the enterprise is like trying to grab a greased pig—the details are slippery and constantly moving.

A new survey by NetEnrich shows that four in 10 North American companies have suffered a mobile device security breach or attack in the past three years that cost the company between $50,000-$100,000. The biggest causes cited were malware apps and the insecurity of the public cloud, according to the survey of 150 IT professionals.

“The reality is enterprise mobile security is a moving target, for which companies and IT professionals must be adjusting constantly,” says Raju Chekuri, president and CEO of NetEnrich. “A policy that works today may not work next year – let alone two to three years from now.”

Educating employees on the importance of mobile device security is also a challenge for technologists. The survey showed more than half had difficulty getting employee buy-in on company mobile device policies.

Top Mobile Security Threats

Goode Intelligence, a global mobile security consulting firm, has listed the top five enterprise mobile security concerns as:

1.     Device loss

2.     Application security

3.     Device data leakage

4.     Malware attacks

5.     Device theft

The company has been following mobile security since 2007 and has seen many changes over that time. A lingering issue is the prevalence of BYOD policies that take device choice away from companies. However, the counterpoint to that is that workers are accustomed to their own devices and therefore will be more productive while not having to lug around multiple devices.

Although the lines between work life and home life cannot get any fuzzier than they are currently for a majority of workers, choice definitely is important.

In the same article, Goode Intelligence believes that next generation mobile security solutions should have these characteristics:

1.     Focus on users

2.     Agile Multi-Factor Authentication

3.     Mobile Single-Sign-On (SSO)

4.     Protect Data

5.     Simplified Unified Security

Security Starts with a Plan

Although every company should be taking mobile device security seriously, the issue is of critical importance in regulated industries such as healthcare, finance and insurance. You need to take both a long view of mobile security and a close-up look at the same time.

At the 30,000-foot level, look at your mobile device policies, the apps you are using and those in development. Have they been developed with the seemingly incongruent demands of being easy to use while protecting data firmly in mind? What policies and procedures does your company have in place to safeguard mobile devices and data? Does your company support BYOD?

Looking more closely, what devices and platforms are your workers using? What changes can you make in app development to keep data safe?

Unfortunately, many companies develop applications without thinking about security, focusing entirely on the business and application features. Discussions about security occur at the time of deployment of the app and when it’s nearly time to launch. Security considerations need to be considered from the very beginning, during the design and development of the app for security to be effective, so it’s really too late at that point.

So companies figure that dropping the application onto SSL/HTTPS or behind a firewall will compensate for the lack of security in the app itself. In reality, these add-ons were never designed to provide primary app or software security—they are intended as secondary security.

The issue of enterprise mobile device security isn’t going away. Would you rather chase the greased pig around, hoping for the best, or do you want to develop a plan that breaks challenges and opportunities down into manageable segments and puts security at the forefront of your plans?

Rajesh Thampi

About the author

Rajesh Thampi

Practice Director, Digital Development & Ops

Rajesh has been researching cutting edge technologies and trends as the Digital Practice Director with Pyramid Consulting since 2011. His day to day features a mix of training internal teams, advising clients, and setting the technological path for all of his Pyramid Consulting peers. His driving force in life and in work is “the need to know, the ability to do, and the vision for perfection”. Rajesh prides himself on his ability to cultivate and comprehend technology on a high level, for his own joy and the success of his Pyramid Consulting family.

Cookie Notice

This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our privacy policy & the use of cookies. Please read our privacy policy for more information on the cookies we use and how to delete or block them. More info

Back to top