What is it about mobile devices that, more than anything else, keeps IT security executives from getting a good night’s sleep – especially in today’s increasingly “bring your own device” (BYOD) environment?
No doubt, the biggest worry about mobile devices for IT security executives is how to be sure that a device is in the safe hands of the right person. Are the actions being performed on that device authorized?
There is good reason for BYOD-induced tossing and turning in the IT security profession. In the homeland security and defense space, highly sensitive and strategic government information is at risk. In the medical and healthcare arena, where HIPAA regulations govern confidentiality of patient records, access by persons other than the patient and his or her doctors can compromise diagnosis and treatment. In retail, sales data and other confidential company information can be stolen.
Tracking BYOD trends
According to 2012 data from International Data Corporation (IDC), global smartphone shipments passed global PC shipments for the first time in history. IDC data also show that in 2013, more mobile devices were used to access the Web than PCs. According to IDC, more than 70 percent of enterprises are in various stages of permitting mobile access in-premise or in the cloud.
Another key trend predicted by IDC is that IT’s next dominant platform will be built on mobile computing, cloud services and social networking. Meanwhile, predicts IDC, big data analytics will begin transitioning into the mainstream.
Finally, IDC expects spending on mobile devices will continue to increase 18 percent per year, accounting for 80 percent of total IT spending between now and 2020.
In a recent survey of IT executives by AirTight Networks, one out of every four respondents said they view the BYOD trend as a threat to enterprise security, while only one out of seven said they view the BYOD trend as an opportunity to reduce IT costs and improve employee productivity. Six out of 10 said they view the trend as both a security threat and an opportunity to reduce costs and improve productivity. The implication is clear: In most enterprises, BYOD is the cause of sleepless nights for security executives.
Complexities of managing mobile devices
With BYOD comes increased pressure on IT enterprises to integrate and manage a proliferation of mobile devices.
Today we are dealing with a host of BYOD devices, including smart phones and tablets, which are not standardized and much more difficult to integrate. In fact, with so many operating systems and data platforms, it is no longer possible to maintain standard integration and data profiles.
Yet, every security executive knows, the shift in the mobile communications industry toward increased convenience and personalization cannot be stopped. We have to find a way to work across these platforms and tie convenience to security.
Effective management of mobile devices must do more than allow for various security levels and ensure end-user authentication. It also needs to maintain the quality of end-users’ experience by integrating work and personal digital space on a single device and providing ease of use and convenience. At the same time, mobile device management may also have to provide increased security for mobile payments, handle persistent data across multiple platforms and protect end-users’ private information.
Finally, we must be able to manage mobile devices by being prepared to support further expansion of BYOD initiatives in the future.
Mounting security challenges
For IT security executives, there is no shortage of BYOD security challenges. A primary cause for concern is IDC data showing that use of employee-liable BYOD smartphones is outpacing use of corporate-liable smartphones in enterprise networks.