According to David Emm, Kaspersky's senior security researcher, initial problem is that employees no longer work in protected office environments – they work at customer locations, on the road, or in hotels with insecure IT structures.
“The second challenge is that employees now have a greater influence on companies’ smartphone policies. This development – also known as the 'consumerisation of IT' – creates a need for additional security strategy requirements”, he said.
The problem with developing an effective mobile security policy, he added, is that the traditional workplace is disappearing, making the task of securing data a lot harder with staff interacting with the company IT resources whilst on the go.
It's not, he explained, so much that the traditional network perimeter has disappeared. Rather it has become fragmented – and moves around as employees do. This, he said, has increased the points of exposure to malware and hackers.
“Business security is also being affected by a related development, the growing use of smartphones at work. IT departments now have to manage a heterogeneous mix of endpoint devices: desktops, laptops and smartphones – often a variety of different smartphones”, he said.
Emm went on to say that the problem is compounded because many people use the same device for personal and business use.
This means, he argued, that the the loss of data on a device may be bad news not just for an individual, but for the business too, since it could adversely affect the company’s reputation, or put confidential data into the public domain.
Against this backdrop, the Kaspersky senior security researcher said that the potential risk comes not just from the threat of malware, but also from data leakage – either through loss or theft of a mobile device.
“The impact on corporate security is twofold. First, security policies must be revised to reflect the changes in working practices”, he said.
“It's no longer possible for IT departments to defend the traditional network perimeter. Instead, they must apply a security 'wrapper' around every employee – so that they are protected wherever they work and whatever device they use”, he added.
Finally, Emm noted that in order to defend staff whilst they are remote working, the tools that are deployed across the business must be flexible enough to implement this follow-me security policy.