Mobile security focus is on the rise, but still needs work

BYOD: the Lady Gaga of infosec
BYOD: the Lady Gaga of infosec

In fact, BYOD is so hot right now, it may as well be considered to have security celebrity status.

Fortunately, IT departments are putting accommodations in place to match its stature as the next big threat.
"Like it or not, BYOD is here to stay,” said Lamar Bailey, director of security research and development for nCircle. “There's no denying that it adds lots of new exposures and network entry points that must be monitored and secured. Organizations are definitely scrambling to secure these new devices while maintaining network uptime and access.”

Already, the survey shows, 71% of respondents said their organization has a mobile security policy, a 9% increase from 2011. Even better, a full 85% of respondents said their organization enforces their mobile security policy, a 29% increase from 2011.

Correspondingly, the focus on threats emanating from social media activity has waned. While 2011 was the year of companies trying to figure out how to use Twitter and Facebook for marketing, 2012 is the year of focusing on the devices used to tweet, friend and share.

“Mobile device security has clearly eclipsed social media concerns from an IT policy perspective,” said Andrew Storms, director of security operations for nCircle. “The number of companies that enforce their mobile device policy has increased 29% over the last twelve months, a sharp contrast to enforcement of social media policy, where compliance is stable or dropping. Companies clearly realize that the security risks associated with social media aren’t nearly as serious as those associated with BYOD, and they’ve adjusted their focus accordingly.”

That said, only 68% of respondents believe their organization adequately enforces their internal IT policies. This suggests that while policies are being put in place, their effectiveness is still a moving target.

"The surge in BYOD has IT departments scrambling to make sure their networks can accommodate these devices securely,” said Bailey. “IT departments are buckling down and deciding on policies that determine how these devices can be managed with an acceptable level of risk."

He added, “IT has to shuffle priorities and expand good risk management practices to cover these devices to stay ahead of growing mobile threats.”

“Growing” would be the operative term. As more and more consumers adopt smart devices, the greater the likelihood becomes of a significant percent of an enterprise’s workforce will be using them for work functions. And correspondingly, mobile malware attacks are on the rise. But just as with every technology shift, IT departments will need to adjust dynamically.

"BYOD is just the most recent security issue to disrupt IT networks, and the response process is the same,” said Storms. “Every IT departments needs to get out ahead of the tidal wave of mobile devices by building a plan that identifies and controls BYOD risks. If you haven't done this yet, do it now."

What’s hot on Infosecurity Magazine?