The bring-your-own-device (BYOD) trend poses serious security challenges for enterprises. A 2012 Trend Micro/Decisive Analytics survey report “Mobile Consumerization Trends & Perceptions” revealed that nearly half of enterprises surveyed that allow employee-owned devices to connect to a company’s network have experienced a data breach. Furthermore, 86% of the IT decision makers from the United States, United Kingdom, and Germany reported that smartphone data security is their number one concern when consumer devices are connected to corporate networks.
According to an October 13 New York Times article “Bolstering a Phone’s Defenses Against Breaches,” a handful of technology companies are trying to capitalize on the BYOD trend that people in charge of securing corporate networks say has become their biggest headache. In the past, the author wrote, they could mandate that employees use company-approved BlackBerry smartphones, which came with a tightly controlled network. However, with BlackBerry’s future uncertain and an increasing number of employees requesting to use their iPhones, iPads, and Android-powered devices at work, IT managers have been forced to consider alternatives —and to deal with those alternatives’ security threats.
Data security managers are struggling to keep tabs on sensitive information as employees import data to their personal devices and download mobile apps that have access to corporate assets. Experts and threat researchers warn that these applications have little or no safeguards. According to the article, in the 2013 “Application Security Testing Magic Quadrant” report, Gartner predicts that by 2015, 75% of mobile applications will fail basic security tests.
Businesses and government agencies are already finding that employees’ mobile devices have become a crucial way for attackers to reach a network.
“An enormous amount of applications out there have been Trojanized,” Scott Borg, the director and chief economist at the nonprofit group United States Cyber Consequences Unit, told the New York Times. “They have become one of the main stepping stones for getting into the enterprise.”
Borg explained that the information collected from mobile Trojans “was the first step in ‘spearphishing’ campaigns, in which criminals use that data to tailor e-mails to employees with malicious links or attachments that, once clicked, give attackers a foothold into companies’ systems.”
According to an August 12 Gartner press release, Gartner predicts that 30% of consumer product selection criteria will be based on requirements to secure new mobile computing platforms by 2015. The research firm encourages product managers to include all mobile device platforms alongside traditional desktops and laptops when assessing and deploying security measures. Pricing is especially important since consumers have shown they are less likely to pay for security programs for their mobile devices.
ARMA International’s technical report Mobile Communications and Records and Information Management (ARMA TR 20-2012) helps readers understand mobile communications hardware and applications, provides guidance for writing an organization’s mobile devices policy, and describes security techniques, including the use of authentication, firewalls, encryption, passwords, and software applications. It can be purchased in the ARMA International online bookstore.