As companies adopt BYOD (Bring your own Device) policies and employees take advantage of the increased portability and convenience of smartphones and tablets, mobility has taken center stage in the modern workplace. Nonetheless, adoption of mobile security practices lags behind traditional risk management efforts, a fact confirmed by a recent Computerworld survey of IT executives.
The publication’s latest survey assessed the current IT landscape by polling 334 IT executives, revealing a number of discoveries about the state of mobile security and the strategies organizations plan to use moving forward.
No singular solution
More than half of the executives surveyed by Computerworld reported that they are increasing mobile risk management efforts. The approaches to mobile security strategy varied among companies and included a blend of deploying technologies and adopting new best practice policies.
Thirty-eight percent of survey respondents said they were working with third parties to reduce their risk. One organization highlighted by Computerworld was the Georgetown Hospital System, which has employed mobile device management software with the goal of maintaining a unified management platform to cover iOS, Windows Phone and BlackBerry devices. Another business Computerworld highlighted, Roanoke, Virginia’s HomeTown Bank, anticipated employing a cloud-based mobile security tool in 2013 that would allow remote data wipes and other protective measures.
HomeTown Bank also touted its acceptable use policy, which employees have to review and accept annually. Bank vice president and IT director Michael Wright described the policy to Computerworld as “kind of a living document” that could evolve to suit changing needs. The document mandates that workers use locking and encryption methods, and it also serves “to educate bank employees on customer information and security awareness,” Wright told the publication.
However, the number of organizations going to the same lengths as those profiled were limited. According to the survey, only 46 percent of respondents have a formal mobile device management strategy, while 17 percent said they had shelved their security concerns to focus on the company’s greater goals.
Given the currently low levels of adoption, several analysts predicted that mobile and BYOD security would be hot topics in 2013.
"We think mobile security, app management, intelligence and threat detection will be in demand," Vishal Jain, an analyst at 451 Research, told Computerworld. Darlene Libiszewski, senior vice president of IT at Massachusetts’ Chicopee Savings Bank, expressed a similar opinion.
"I anticipate BYOD being an area of focus in 2013, and therefore I may seek help with anything from writing the policy to evaluating and implementing solutions for mobile device firewalls, [antivirus tools] and management software," she told the publication.
Sensible policies for all users
The Computerworld report echoes trends summarized in a recent comprehensive study from the U.S. Government Accountability Office, which looked at existing mobile threats as well as the mobile data security practices in place at various organizations. The report concluded that, despite existing efforts to promote secure technologies and practices through public private partnerships, many safeguards have not been consistently implemented.
The GAO recommended that the Federal Communications Commission push the private sector to adopt "a broad, industry-defined baseline of mobile security safeguards” and also suggested the Department of Homeland Security take steps to measure the effect of its cybersecurity awareness education efforts.
Despite these recommendations, private organizations may not want to wait for formal advice or requirements to take steps to implement a risk management policy in line with current security concerns.
“Smart IT executives are mapping out strategies for managing their organizations' mobile risks and benefits,” wrote Computerworld’s Bob Violino.
Security News from SimplySecurity.com by Trend Micro