The penetration of mobile devices into enterprise environments has increased steadily during the past several years. Driven by innovative technologies and numerous trends – most notably consumerization and bring-your-own-device policies – more employees than ever are relying on smartphones and tablets to get their work done.
Still, this use has so far done little to temper data security concerns harbored by organizations and their IT departments. The prevailing belief is that enterprise data stored on mobile devices is vulnerable to theft and loss.
"IT professionals see many of the same security risks in mobile devices such as smartphones that have long been a concern for laptops and notebook computers," Boston Research Group partner and research analyst Paul McClanahan said recently.
McClanahan's comments come after the Boston Research Group polled 365 North American IT security professionals in companies with 1,000 employees or more. The poll revealed that data security remains a top concern for companies engaging in enterprise mobility.
Overall, 68 percent of respondents admitted to being concerned about the risks associated with mobile devices accessing the corporate network. More than a quarter said they feared data loss, while 23 percent were concerned about malware. Fourteen percent cited unauthorized users and devices as top threats and 13 percent highlighted network intrusions.
"Device mobility, wireless access, personal applications and the high risk of lost or stolen handhelds creates a need for added defenses against data loss, unauthorized access and malware," McClanahan added.
A recent report from InformationWeek outlined a number of those measures and security practices that companies can follow to lock down a mobility program.
For starters, the report stated, organizations need to think of mobile security in the context of an overall data security program. In other words, protecting the information stored on and accessed by smartphones and tablets is no different than if it resided on servers and end users' desktop computers.
"If I've got the same accessibility in a small device, then you need to think about it in the same manner," Tony DeLaGrange, a senior security consultant at Secure Ideas and instructor for the SANS Institute, told InformationWeek.
Other suggestions offered by InformationWeek included the need for companies to draft, implement, communicate and enforce a mobile data security policy. According to DeLaGrange, the policy should include provisions for the management and control over mobility that are in line with the rest of the organization's security documents.
Consumerization News from SimplySecurity.com by Trend Micro