For all the benefits provided by advanced mobile devices in the workplace, the technology also presents a number of data protection hurdles, which, according to an analyst from research firm Ovum, many businesses are failing to address.
In an interview with Infosecurity, Ovum senior analyst Andrew Kellett called current mobile security practices "immature," especially as they pertain to network access control (NAC). Many businesses are now equipping employees with smartphones and tablets – or allowing them to bring in their own devices – but they have not taken the necessary precautions to ensure these devices connect to the company network in a secure way.
"We are talking about devices that people have made a personal choice to purchase," Kellett told Infosecurity. "The issue for business is that senior people see these as valuable for connecting to systems and networks."
However, this should not suggest that businesses can ignore the issue of mobile security. Smartphones and tablets – far more than traditional desktop PCs – have a penchant for being lost or stolen. An employee could easily lose such a device stepping out of a taxi or dropping it between seats on an airplane. Additionally, the mobile devices could also be stolen if left unattended at a restaurant, a bar or even at the office itself. In one particularly embarrassing instance, Apple lost a prototype of its iPhone 4 last year before it hit the market. The company suffered another gaffe a year later when an employee reportedly lost a prototype for the iPhone 4S at a bar.
A May 2011 study from Juniper Networks found that the number of threats affecting mobile devices has soared in the last year. Android-focused malware, for example, has increased 400 percent, and targeted Wi-Fi attacks have increased as well. As smartphones and tablets become the preferred computing devices among consumers and business users, so too are they becoming the preferred targets of cybercriminals.
This means that it's now more important than ever for companies to roll out programs and policies that control how employees access corporate data. Among other things, this may include requiring the user to submit a username and password whenever logging onto a corporate network, or it could involve a program that allows a smartphone to separate corporate and personal functions, essentially allowing the phone to work as two devices on one platform.
Many experts note that some employees may be hesitant to let their employers upload security programs onto their personal devices. However, in order to ensure the utmost data protection, it is imperative that these controls be introduced. If an employee does not want his or her phone to run such programs, a company is advised to restrict access to corporate networks from such devices, as a matter of data security policy.
According to the Infosecurity report, some experts doubt that NAC will take off for smartphones and tablets, because the company itself does not own the mobile devices. However, a 2010 study from ABI Research suggests otherwise, predicting that the mobile security market will surpass $4 billion by 2014. As companies recognize the importance of protecting their mobile devices, security measures, such as mobile device management and antivirus software, will receive greater attention, ABI noted.
However, as Kellett pointed out, mobile data security practices are not yet where they need to be. As cyberthreats shift more toward mobile devices, it will be necessary to lock down mobile use policies to ensure companies are adequately protecting their data. Failure to do so could result in serious financial and reputational damage and can affect a company's ability to operate.
Consumerization News from SimplySecurity.com by Trend Micro