Improved productivity of mobile devices comes at security cost, Forrester warns

26 April 2011

The increasing use of personal mobile devices in the workplace continues to pose complex security challenges, notes Chenxi Wang, an analyst with Forrester Research.

While the use of personal mobile devices improves productivity in the workplace, there is a growing concern among IT administrators about the security risks associated with their use, Wang argues in her report "Managing the Security and Risk Challenges of Personal Devices in the Workplace".

“The number one security risk that everyone always talks about is data protection”, Wang told Infosecurity. “If employees are accessing sensitive data from mobile devices, especially from personal devices, there is a question about how much control you should have on those devices for data protection”, she added.

In the report, Wang identified four major data security risks from the use of personal mobile devices in the workplace. First, there is a risk of device theft or loss. “From the corporate perspective, device loss could lead to data compromises if sensitive data lives on the device”, the report said.

Second, the mobility and portability of the devices increase the threats to data protection. “To defend against casual data access, you can implement PIN-based entry and device lock. To protect against active attacks, you will need measures like full disk or file encryption”, the report argued.

Third, employees could use personal mobile devices to carry out malicious insider attacks. “If you are concerned with employee misuse or malicious insider threats, encryption alone does not do the job. You need to actively restrict data manipulation operations like cut-and-paste and control which mobile apps can handle the corporate data”, Wang argued in the report.

Fourth, data-stealing malware is increasingly attacking mobile devices. “These malware attacks have the ability to root the device and therefore bypass all local security measures. Personal devices that have the freedom to download any apps are a ripe source for infection”, the report warned.

“When employees bring in personal devices, they may not conform to the company’s security standards. When that happens, the IT department is left with two choices. They can either demand that the employees’ devices conform to those standards, or they take the risk of having nonconforming devices in the environment. Those risks are often unknown”, she told Infosecurity.

Wang recommends that enterprises take a number of steps to reduce the risks posed by mobile devices in the workplace. “The first thing you need to do is have a policy governing the use and operation of these personal devices in your enterprise network. This policy should demand that the owner of the device take on certain responsibilities in safeguarding the corporate information on the devices, as well as keeping the device in a reasonable state regarding security”, she said.

In addition, enterprises should perform a risk/benefit analysis. “Are the risks posed by these mobile devices reasonable enough for you to tolerate? And what sorts of enterprise applications and resources will you allow the device to access?” she added.

Finally, enterprises need to decide whether deployment of additional technologies is needed to secure these devices “in order to meet your security goals and policies”, she concluded.


Comments

robkersey says:

26 April 2011
The answer we have found with our customers is to opt for a Sandboxed application approach such as Excitor's DME. The IT department manages the application and not the device, the end user is still able to install and use all the applications they choose without losing the 'cool' features they rely on. The CISO is happy as the application data is encrypted at rest and can be wiped OTA when the user leaves the company. Additional features from Excitor's DME such as Root and Jail Broken device detection also add additional security.

Rob Kersey
Mobility Consultant @
www.celeritymobile.com
