Mobile Security: The Enterprise Security Weakness
The rapid growth of mobile devices and apps in the workplace certainly has potential advantages for companies and employees. Workers can more easily access corporate data from a variety of locations, they can better communicate and collaborate with colleagues around the world, and ultimately be more productive because of the flexibility afforded by these devices.
But the mobile revolution is also bringing daunting challenges in terms of information security. Perhaps the biggest worry is that mobile devices — and the business data stored on them — can be lost or stolen. If they fall into the wrong hands, any unencrypted data is up for grabs.
In addition, with increasing mobility, the network perimeter has expanded more than ever or in some cases virtually disappeared, and IT and security executives need to find ways to get a handle on the mobile environment — including the Bring-Your-Own-Device (BYOD) segment of mobility.
All of this adds up to make the mobile computing environment one of the more prominent information security risks for enterprises. And industry research indicates that many companies are falling short when it comes to mobile security.
A March 2015 report by the Ponemon Institute and IBM showed that nearly 40% of large companies, including many in the Fortune 500, are not taking the right precautions to secure the mobile apps they build for customers. The study also found that organizations are poorly protecting their corporate and BYOD mobile devices against cyberattacks, providing an opportunity for hackers to easily access user, corporate and customer data.
The number of mobile security attacks is continuing to grow, the report says. “At any given time, malicious code is infecting more than 11.6 million mobile devices,” it says. The study, which researched security practices in more than 400 large organizations, found that the average company tests fewer than half of the mobile apps they build.
One third of the companies never test their apps, “creating a plethora of entry points to tap into business data via unsecured devices,” the report says. “While these numbers may seem shocking, they aren’t surprising when considering that a full 50% of these organizations were found to devote zero budget whatsoever toward mobile security.”
Hackers are now taking advantage of the growing popularity of insecure mobile apps and public Wi-Fi networks to break into the valuable business data often housed on BYOD and corporate mobile devices, the Ponemon report notes. They’re also tapping mobile devices as an entry portal into enterprises’ internal networks.
Enterprises need to take steps to better secure their websites, data, applications and networks or they might find themselves being another victim of a data breach. Here are some suggested steps:
- Conduct a high-level security assessment, including evaluating the security in place for the growing mobile environment. If it makes sense, bring in a security services provider with expertise in enterprise security to help with the assessment. Such an assessment can help turn up weaknesses and vulnerabilities that a company might not know exist, and will highlight some of the areas organizations need to focus on to bolster cybersecurity.
- Make sure information security policies are up to date. As Forrester points out in its June 2015 report, “Top 11 Trends S&R Pros Should Watch: 2015,” security and risk (S&R) professionals need to look beyond technology to people and processes. As the report notes, “new technologies have emerged, but none are game changers today. S&R pros must continue to focus on their security program, including people and processes, to address evolving threats and externalities like changing data localization requirements. Data governance and stewardship will be critical for big data efforts.”
- Deploy enterprise mobility management (EMM) software and other mobile management tools. EMM provides the ability to manage and secure mobile devices, whether they are company or employee owned. They are designed to be used for smartphones and tablets, and many support a variety of mobile operating systems. The need for EMM has risen quickly in the past year, as enterprises seek ways to manage all facets of mobile security, including the devices, apps and data, according to a May 2015 report by research firm The Radicati Group.
- Create a formal BYOD program. Given the fast proliferation of mobile devices and the fact that many employees prefer to use their own devices on the job, it’s a good idea to formalize the concept and set clear guidelines on the secure use of these devices. This includes required security tools and updates, permissible apps, etc. With a BYOD plan in place, managers and staff will have a good understanding of what’s expected and the company will have a better chance to have a secure, successful mobility strategy.
Get in touch with Insight at 1.800.INSIGHT. If you're still researching on your own, find answers to your pressing security questions and discover background information that will help you make a well-informed decision.