Everywhere you go these days, you see smartphones and tablets. There’s no question that these devices have transformed our lives and made it easier than ever to conduct business and access corporate information. From accessing email in the airport to video conferencing at home, mobile devices are enabling more people to be more productive in more places.
Along with this constant availability and immediate access comes increased risk to businesses due to loss or theft of their sensitive information. Moving forward, information security and IT teams need to work together with the business in order to find the right balance between implementing a mobility strategy that will enable the business to grow faster while minimizing risk to information loss, as users access and share sensitive information from more devices around the world.
Smartphones – and, to an increasing extent, tablets – have officially arrived as bona fide business tools. A majority of organizations (59%, according to Symantec’s recent ‘State of Mobility Survey’) are now making line-of-business apps available remotely. In addition, 71% are even considering the creation of a corporate app ‘store’. Why? IT agility. Given the pace of business today, the ability to react quickly provides a significant edge over the competition by increasing efficiency. The corporate app store will soon become the intranet for corporations, replacing the traditional way of communicating with employees.
While the benefits are significant, so are the risks. Survey respondents rated mobility as the highest security risk in IT, showing a high awareness of the potential liabilities as data is taken outside the protective walls of the company. Businesses of all sizes are experiencing damages from security breaches, including loss of sensitive information, intellectual property and brand damage. According to Symantec’s ‘2012 State of Mobility Survey’, on average, businesses globally incurred USD$247,000 in damages over the past year. Small businesses averaged $126,000 in losses, while enterprises averaged $429,000.
These losses underscore the need for intelligent management of mobile devices. Organizations are responding by increasing the resources they allocate to mobility. Nearly one-third of IT staff is now involved with mobile computing on some level. They are also keenly aware of the risks and are actively considering a variety of security measures, although most still have yet to apply them. But despite the setbacks and challenges, most feel that it’s worth the effort.
| "The corporate app store will soon become the intranet for corporations, replacing the traditional way of communicating with employees" |
In order to implement a successful mobility plan, businesses should adhere to best practices to improve their ability to keep an efficient mobile workforce while minimizing risks. Businesses should poll employees to find out what they need access to and then devise strategies that enable secure access. Proactively develop a plan to provide line-of-business apps that will improve productivity while minimizing risk. They should also manage their mobile infrastructure closely, keeping in mind that smartphones and tablets are endpoints, and take steps to secure them accordingly. Mobile management should be integrated into the overall IT management plan, and policies should be developed and enforced as with other areas of technology.
Businesses will need to enforce mobile usage and security policies, and may need to create or adjust corporate policies to accommodate both corporate- and employee-owned devices. Looking forward, organizations should plan for accommodating new devices being brought into their infrastructure as new products are brought to market. Information security teams will also need to secure their mobile infrastructure and remember that it’s not just devices at risk, but the information they contain. Basic password policies should be supplemented with technologies that include data loss prevention, encryption, authentication, anti-malware, and the ability to remotely wipe and kill the device to provide complete protection.
A sound mobility strategy can help drive value to the business by enabling the ability to more efficiently access and share information globally, but it must follow sound security best practices in order to minimize risk. Businesses need to think strategically while planning their mobile strategy by exploring the risks it presents and taking a cross-functional approach to keeping information secure wherever it resides.
Patricia Titus is the newest member’s of Infosecurity’s Editorial Advisory Board. She is the vice president and chief information security officer at Symantec. Prior to joining Symantec, her previous roles included VP and global CISO for Unisys Corp., and CISO at the Transportation Security Administration within the US Department of Homeland Security. Titus has also held various positions within the US Department of Defense, the US State Department and various private sector firms. Titus is an active member in multiple TechAmerica (formerly ITAA) committees and is on the Women’s Advisory Board for the Girl Scouts Council of the Nation’s Capital, where she mentors young women in the IT field.