Home » Technology » Security » Are we considering mobile security when developing a mobile strategy?
Enterprises large and small are going mobile. In fact, with BYOD (bring your own device), a wide range of mobile devices are making their way into businesses, and employees are exposing companies to security issues through shadow IT, the cloud, and the app economy, with or without their knowledge.
A new study by eBay shows that one in every four online SMBs will adopt a mobile strategy in 2015. Many businesses are now looking to get a grip on mobile and take back control of the tools and tech being deployed inside as well as outside of the company. Yet they’re all facing the same challenge—how to handle security.
With practices like BYOD becoming the norm in most organizations, the potential threat of unsecured mobile devices is increasing exponentially. A 2014 ESG research study found that a compromised mobile device was the main cause of security breaches for 47 percent of businesses. The unhindered flow of mobile apps into the enterprise poses a high risk. Gartner predicts that 75 percent of mobile security breaches by 2017 will be caused by misconfigured apps. While it’s difficult to estimate the exact cost of mobile security breaches, we do know it’s definitely less expensive to adopt a security strategy and prevent them from happening in the first place.
The biggest questions that CIOs and business leaders need to ask themselves are: What are the security gaps in their mobile strategies, and how can they fill those gaps?
Mobile device management (MDM) strikes us as the most obvious way to control and manage mobile devices used in an organization. However, it’s not enough to secure just the device. To compete with and control the host of security threats that are emerging, CIOs need to go beyond MDM and start considering mobile application management (MAM) and mobile information management (MIM) in order to bring the entire range of data and apps used on the devices within their control.
With BYOD in action, there is a lot of sensitive company information floating around on a bunch of different gadgets. Plus, it isn’t uncommon for one person to have a smartphone, tablet, laptop, and several other devices that connect to the Internet, all of which pose security risks. Many people use the same devices for personal and work purposes. Are they consistently connecting to secure networks? Definitely not. This leaves enterprises vulnerable to huge data leaks. Organizations need to explore enterprise VPN connectivity to keep business, personal apps, and data separate and secure.
BYOD is no longer just about devices. Today, the practice also applies to apps and software. Therefore, CIOs and business leaders need to plan their mobile strategies by keeping in mind the onslaught of applications, plus the different devices being used.
Locking down unmanaged services and third-party apps is hardly a solution since people will use them anyway, with or without IT’s knowledge. Plus, restricting an employee prevents organizations from taking advantage of a mobile workplace and neither practice is compatible with BYOD. Instead, the idea is to limit their incentives to use these services and apps. How? By providing IT-provisioned apps that are as job-efficient as their consumer counterparts, which may stop some of the BYOA (bring your own app).
The next step to developing a secure mobile strategy is to make sure employees receive the maximum training and exposure to the best practices and policies in place. In fact, employee education is the keystone of a secure mobile strategy. It’s crucial to keep staff well-informed to get the greatest possible mobile endpoint security. Even the best solutions will fail if not implemented and used correctly. As businesses continue to expand their mobile strategies, educating people on the best way to protect company data will be a fundamental key to its success.
Despite all the precautions we take, in this era of growing tech challenges, we can never be fully at rest with our security strategies. Change is the only constant in the world of digital security, which means once you have a mobile strategy in place, you need to remain proactive, and look for new ways potential threats can arise and how best to combat them before they do any damage. Your mobile security needs to always stay one step ahead of this new digital workspace.
Additional Resources on this Topic:
The Perils of Shadow IT: Your Most Senior Executives Are Doing It [Ask Hillary]
Stale, Dead Apps Emerging as Serious Mobile Security Risks
The Millennial Report: Making Mobile Security Convenient is Key
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.