Building a game plan to tackle mobile risks
We live in a hyper-connected world. Everywhere you go, everywhere you look, you will be able to witness people and organisations interacting with each other through the internet via a multitude of devices, applications and services. The hyper-connected reality of today has been driven forward by many elements but, in recent years, it has been the increased productivity, flexibility and convenience offered by mobile devices that has been a major proponent. Google’s Larry Page may have said it best when he said we are no longer in a mobile first world, we are in a mobile only world.
The use of mobile devices, which includes notebooks, smartphones and tablets is trending upwards. These devices are key elements of the modern technology ecosystem, and smartphones are leading the charge. IDC’s Worldwide Quarterly Mobile Phone Tracker shows that the global smartphone market grew 13% YoY in Q2 2015, with 341.5 million shipments. The growth is primarily due to gains in emerging markets such as the Middle East and Africa and APEJ.
In the enterprise space, the adoption of mobile devices is rapid, as employees and customers look for greater productivity and convenience. With a smart mobile device and sufficient IT infrastructure, an enterprise’s employees can access company resources and interact with customers from anywhere in the world. Customers, likewise, benefit from a higher level of service and are, now, closer than ever to their suppliers.
While the adoption of mobile devices in the physical and virtual enterprise space offers tangible benefits, there are also challenges that IT staff has to overcome, in order to provide a safe and secure environment.
Understanding the challenges
By adopting mobile devices and concepts like Bring Your Own Device, enterprises are at risk of exposure to threats such as data breaches, malware and even compliance violations by their own employees. In mature markets this is plain to see, in the United States, 90% of federal government employees are using mobile devices in the workplace but just 11% of those employees adhere to mobile security best practices. These results are part of the 2014 Mobilometer Tracker: Mobility, Secure and the Pressure in Between, which was published by Mobile Work Exchange in January 2014.
Similar challenges can also be observed outside of the public sector, in areas such as financial services, healthcare, retail and many others. This is putting immense pressure on IT teams that want to deliver a flexible, and satisfying, experience for employees and customers via mobile devices, whilst ensuring the environment is safe, secure and compliant.
A global study of 140 IT professionals that are registered on TechTarget web communities shared a number of eye-opening insights on the challenges they face. Nearly 90% of the respondents said their organisations support a BYOD policy but barely half said that it is an official programme within their organisation. The use of convenient cloud-based services was also found to be widespread among respondents’end users, however fewer than half the respondents said they officially support those services.
Malware, lost and stolen devices, accessing inappropriate content and using social media platforms are the biggest concerns respondents said they have with the increased use of mobile devices in the workplace. Seven in ten of the respondents also said that the increased use of mobile devices by employees and customers has significantly or moderately raised their organisation’s risk profile.
Similarly, almost every respondent said that providing an enhanced user experience through mobile device usage has had a negative impact on security and compliance.
Mobility and BYOD are no longer just concepts and trends, they are a fact of life for many organisations and IT professionals around the world. The study found that 87% of the respondents indicated that their organisation has some kind of BYOD policy. At the same time, the study found that only 54% of the respondent’s organisations actually had a formalised BYOD policy that was driven by IT.
Furthermore, 19% of the respondents said that their organisations had informal BYOD policies that were driven equally by IT and users, whereas 14% said that it was entirely driven by users. Only 13% of the respondents said that their organisations do not allow BYOD. The data here highlights that mobility is an unstoppable force, and one that requires IT departments to keep abreast of latest developments and stay ahead of the game, in order to protect the enterprise, as well as its assets.
Tackling the risks
In the face of growing mobile adoption, securing an enterprise within a budget, while ensuring that the user experience is not diminished, is a daunting task for IT professionals. There are numerous options and challenges to address, which can make deciding on a course of action quite tricky.
A good place to start is to initiate discussions with vendors, who have knowledge and track record in implementing secure identity solutions. It is also wise to reference what enterprises and IT professionals around the globe are doing to secure themselves.
A recent TechTarget web study found that enterprises are implementing two-factor authentication, single-sign-on, and audit trail software to protect employees and organisation data. Two-factor authentication was used by many of the respondent’s respective organisations, though the study found that it was also not an enterprise-wide solution. 44% of the respondents also said that they require their customers to use two-factor authentication for accessing services from their mobile devices. Securing employee, as well as customer access, is crucial since these points of access can be targeted, and used, to access enterprise resources.
Protecting data with single-sign-on was also viewed as being worth the cost and effort associated with deploying and managing that functionality, according to the study. Additionally, many respondents said that it is important for organisations to use audit-trail software or services to track employees’ access to online or cloud applications.
IT teams should examine and identify exactly which concerns about security and compliance worry them the most, in relation to the increased use of mobile devices in the environment. The study showed that one of the biggest concerns for IT professionals was malware on user devices, 67% of the 140 respondents were worried about this. The next worry was lost, stolen devices, followed by accessing inappropriate content.
Before deciding on a course of action, it is just as important for IT staff to fully understand the range of options that they can turn to within their budget, to achieve their objectives. The study found that, at the moment, there is a lack of knowledge, with most respondents of the study readily acknowledging that they need to be more aware of all the options available to them.
Mobility offers enterprises, employees and customers immense flexibility and convenience, and while there are definitely risks, there are also ways in which organisations can effectively overcome security challenges. IT staff have to be proactive in their efforts at securing their IT ecosystem by working with the right partners to deploy comprehensive and effective IT security solutions.
Ian Lowe, Senior Manager of Product Marketing, Identity Assurance, HID Global.