Mobile Computing Security Mayhem Continues

Piecemeal approach won’t work – Federal government mobile computing planning provides a good example of what will

I spent the week in Washington DC last week discussing cybersecurity legislation and Federal IT security issues. As part of the tour, I gave a presentation on mobile computing security at the historical Willard hotel. Before discussing MDM, MAM, mobile data security, or anti-malware, I started my session with a few data points from various ESG research projects:

1. 62% of enterprise organizations (i.e. more than 1,000 employees) say that mobile computing initiatives have made security management and operations “significantly more difficult” or “somewhat more difficult” over the past 2 years.
2. 31% of enterprise organizations claim that they have a “problematic shortage” of mobile computing security skills.
3. 30% of enterprise organizations claim that one of their biggest information security challenges is that the security staff “spends too much time reacting to problems and not enough time with proactive security management or strategic planning.”
4. 25% of enterprise organizations claim that “mobile device visibility” is their weakest area of security monitoring.

So while BYOD and mobile computing initiatives are fairly new, they are already causing systemic security problems. Why? The cumulative impact of immature, insecure technology, thousands of new network nodes, limited mobile security skills, and an existing workload is being virtually ignored. When security is an afterthought, the CISO and his or her team are always fighting uphill. In this case, the hill looks more like Mt. Everest.

Mobile computing security must accommodate new business processes, new risks, and privacy requirements at scale. You can’t do this by throwing new tools at overworked IT security folks.

So what should be done here? Private sector organizations would be well advised to take a page out of some work coming out of Washington from NIST, DOD, DHS, DISA, and NSA amongst others.
Federal CIOs recognize that deploying and securing tens of thousands of new devices won’t be a walk in the park, so they anchor their mobile computing security strategies with things like mission statements, objectives, training, and planning. Wow, what a concept! Mobile and BYOD are still new enough that we have the opportunity to address cyber risks, privacy, and security with planning, intelligence, and an emphasis on scale and automation. Alas, the evidence suggests we are doing otherwise.
