• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Mobile   »   The “Consumerization” of Mobile IT: Risks and Rewards

The “Consumerization” of Mobile IT: Risks and Rewards

  • Posted on:January 17, 2011 at 9:13 pm
  • Posted in:Mobile
  • Author:
    Warren Tsai (Product Manager)
2

Many of us are becoming increasingly familiar with the power and ease of using modern mobile OSs like iOS, Android, Windows Phone 7, and WebOS. These allow users to browse, check their email inboxes, use apps, and connect with friends with remarkable ease.

It shouldn’t be a surprise then that more and more people want to use these same platforms in the workplace. In many cases, the devices are owned and paid for not by the company but by the employees themselves. Many IT departments—faced with manpower and financial constraints due to the economic climate—agree. A Computerworld survey in September 2010 suggested that 75 percent of all organizations already support the use of employee-owned mobile devices, as this presents a win-win situation. The employees are happy in that they get to use the devices of their choice and the employer is happy as the employees shoulder the mobile device and subscription costs.

Many companies now support multiple mobile platforms (e.g., relatively new ones like iOS and Android OS) besides the traditional enterprise platform—BlackBerry OS. It’s also worth noting that whether or not devices are officially supported or not, they will still be used on office networks. In fact, according to a 2010 survey, 41 percent of IT professionals said that unauthorized devices already connect to their networks.

What Kind of “Support” Do Companies Offer?

The degree of “support” offered for these platforms widely varies. Enterprise-oriented platforms traditionally featured strong mobile device management (MDM) capabilities. System administrators can control many aspects of the phones—what settings should be used, what kinds of password are safe to use, what applications can be installed/run, and so on. In an enterprise environment, this was perfectly normal and expected, as desktops are similarly managed.

However, that simply is not the case for employee-owned devices. The platforms themselves may include the necessary features for MDM, albeit one key difference—phones sold to consumers don’t have these features properly set up. IT departments are thus left with two options—provide limited “support” for these devices (which, more often than not, is limited to allowing access to internal email servers) or get their employees to allow MDM onto their self-owned devices. One is easy and cheap to do; the other, more difficult and expensive. Which one will end up being done?

Why MDM Matters

Losing centralized MDM can be a big problem. It puts the security of mobile phones purely in the users’ hands who may or may not be aware of what they can do to secure their devices. In many cases, too, the phone in question is as much an entertainment device as a work device. The user is more likely to care if an application runs well than if his/her device has, say, an auto-wipe policy if it’s stolen. Users will always have other concerns aside from security.

For IT administrators, however, the biggest problem with regard to MDM is the fact that data leakage is never addressed. This happens when confidential information is disclosed to parties that ordinarily would not have access to the said information. With managed devices, administrators could at least disable features that facilitate data leakage such as 3G connectivity, Wi-Fi access, or Bluetooth. Without MDM, whether these features are activated or not is at the users’ discretion who are likely to leave them on in the name of convenience.

What Should System Administrators Do?

What should companies do in such a situation? There are no easy answers. Restricting mobile device support to locked-down, enterprise-centric devices is difficult (particularly as consumer-centric platforms show continued growth). Including employee-owned devices in a centralized device management program is sure to require extensive and difficult negotiations between employees and IT departments as well as to raise costs.

On the other hand, however, simply allowing mobile devices access to office networks is problematic. MDM is one of the most useful tools available to an IT administrator who manages mobile devices and not utilizing it has serious security implications. IT administrators lose the ability to prevent data leakage and generally leave mobile device security in the hands of users and not trained professionals.

The answers will vary for each company. What’s more important, however, is that the question be asked in the first place. Administrators have to go into this process with eyes open and with the awareness of all the possible costs and benefits allowing personal mobile device use entail/bring.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.