Five Trends Driving the Need for Better Mobile Security

Mformation Chief Marketing Officer Matt Bancroft outlines five mobile security trends keeping CSOs up at night

The pace of mobilization within many enterprises is increasing rapidly. Enterprises of all sizes and types are finding that going mobile can significantly increase the productivity of their employees, bringing added flexibility and cost reductions and helping many companies gain a competitive edge in their market.

In a survey of CIOs of top-500 companies undertaken by independent research firm Coleman Parkes, 81 percent of the CIOs interviewed reported that they have seen significant productivity increases from their mobile investments, and the same percentage expect further significant productivity increases from new mobile products over the next five years.

It comes as no surprise, then, that enterprises are providing a growing number of management and staff with mobile devices equipped to access corporate data and applications.

In addition, enterprises are embarking on initiatives that will significantly increase their use of mobile applications. As mobile and wireless solutions become increasingly important to an organization's overall business strategy, they are also becoming increasingly important in an organization's IT strategy. Security issues consistently top the list of IT concerns - nearly eight out of 10 of the CIOs surveyed indicated concerns about the security implications for their company's corporate data of the proliferation of sophisticated mobile devices among employees.

A number of trends are driving the need for better mobile device management and security. The combination of an increasingly varied set of mobile devices with increasing memory, power and portability, combined with a trend toward more powerful, IP-based network infrastructures, is creating a fertile ground for the migration of Internet-based threats into the mobile space. At the same time, new and powerful mobile applications are being launched and security threats are becoming increasingly sophisticated. These are among the issues keeping CIOs and CSOs up at night.

Trend 1: More powerful and less expensive mobile devices are becoming ubiquitous and are as irreplaceable as any PC or laptop, significantly increasing the risks from loss and theft. Mobile handsets are becoming more powerful with each new release, to the point where the newest and smartest mobile devices are more like handheld computers than cellular phones. And with every product release, the devices have more capabilities and cost less. As an example, the 8 GB iPhone 3G coming out this month will cost a mere $199, compared to the original 8 GB iPhone that cost $599 when it was first introduced last year and $399 just a few months ago. The same trend is playing out with other smart devices, including BlackBerry, Windows Mobile and Symbian devices.

Network providers have made their pricing models more attractive to enterprises as well. Rather than per-minute, per-transaction or per-byte pricing, which is difficult to budget for and therefore very unattractive to enterprises, data services are being offered in attractive pricing bundles, including "all-you-can-eat" packages.

With this sort of power in such a small and portable package, many executives and managers are finding their mobile handset to be as irreplaceable as any PC or laptop. Unlike PCs and laptops, however, mobile devices carry an equally significant amount of information in a much smaller and more portable package that is incredibly easy to misplace, lose or steal, significantly increasing the risk to the enterprise.

Trend 2: A move toward more powerful, IP-based network infrastructures is leading to increased use of data-heavy mobile services, which need more sophisticated management. Wide-area networks are continually being enhanced to deliver the bandwidth necessary to support new data-heavy mobile services and applications. These enhanced networks offer improved breadth of coverage and reliability - key objectives for most mobile operators. UMTS (Universal Mobile Telecommunications System) in GSM-based networks, and EV-DO (Evolution-Data Optimized) in CDMA-based networks, both represent significant improvements in these areas.

4G networks such as WiMAX (Worldwide Interoperability for Microwave Access) are now being rolled out, enabling ever more sophisticated, data-heavy mobile services and applications. 3G LTE (Long Term Evolution) and other all-IP variants are shortly to follow.

More than a decade of R&D has gone into securing PCs and laptops connected to the Internet and corporate intranets. These technologies are now commonplace in enterprise networks. The same level of attention needs to be paid to these highly portable wireless devices if they are to succeed in the enterprise. However, simply porting PC-style security and management systems to the wireless arena ignores the very small form factor, extreme portability and vastly different usability expectations that are unique to mobile devices and wireless connections. IT organizations are finding that they need to find a middle ground, leveraging some of the R&D done in the PC/laptop arena while keeping the unique needs and the requirements of the mobile device in mind to ensure the mobile experience is not negatively affected in any way.

Trend 3: Increased numbers of corporate users of mobile devices accessing company applications and data at all levels of the enterprise are creating a huge headache for IT departments. Not only are more company executives than ever before beginning to depend on their smart mobile devices, but also staff at all levels are increasingly "going mobile." Smartphone use is rapidly driving down into the ranks of middle management and staff workers. Sixty-seven percent of CIOs responding to the Coleman Parkes survey reported that the proportion of non-managerial staff with access to advanced corporate mobile devices will increase, with fully one third of them indicating that the proportion would increase significantly. And in many cases, when the enterprise doesn't supply mobile devices to employees, they are simply using their personal mobile devices to transact company business and run company applications, with or without the knowledge of the IT organization.

This proliferation of devices that can access company applications and data is creating a huge headache for IT departments. Not only do they need to minimize the risk associated with the possible loss, theft or misuse of a growing population of devices, but they also need to find ways to manage and secure everything from company-issued mobile devices to a host of different personal and partly personal mobile devices.

Trend 4: More advanced and data-heavy mobile applications and services on employees' mobile devices require more sophisticated monitoring and management.

Over the past several years many industries have come to rely upon mobile enterprise applications. BlackBerry devices, for example, have become de rigueur among investment bankers and lawyers who need always-on access to e-mail, calendar and market information. Government organizations are using mobile devices to capture information from remote government employees for a wide range of tasks, including Emergency Medical Services (EMS), traffic management and even animal control and tracking. In the health-care industry, physicians and case workers can now capture and access health information at point of care using their mobile devices. Popular mobile enterprise applications used across all industries include sales-force automation, field-force automation, fleet management, inventory management, mobile tech and wireless CRM.

Employee mobile devices often contain a wide range of applications and data files, both company-issued and personal. However, according to the Coleman Parkes survey, 63 percent of CIOs interviewed do not actively monitor the types of data that employees are storing on their devices. Nothing prevents employees from installing data and applications onto their devices that could cause problems for the company - from unknowingly circulating viruses to not playing well with corporate systems or not adhering to corporate security policies.

Trend 5: More and more sophisticated security threats are appearing as new devices provide richer targets.

Although, so far, infestation of wireless handsets by Internet-based security threats has been relatively low, new threats to mobile devices, including malicious programs (viruses, worms and Trojan horses) continue to appear. In just the last few months, two new Trojan horse viruses, one targeting Symbian SMS messages and another targeting specific Windows Mobile programs; two new worms, one targeting particular Symbian phones and one targeting multimedia cards; and a new spy-ware application have shown up in the market. Thankfully, none of these malicious bits of code have caused widespread damage. However, despite the fact that the current threat is not particularly high, most industry experts are saying that the iPhone, Android, and mobile devices with WiFi and other broadband capabilities will undoubtedly be rich targets for malware and viruses in the coming years.

Effective management of a company's mobile devices, data and applications will mean faster mobilization of enterprise applications, which, in turn, will lead to increased employee productivity at all levels of the enterprise. Recognition of the trends driving mobile adoption and the unique challenges associated with managing and securing mobile devices is a good first step in ensuring that corporate data is protected and the business is kept safe while it moves forward with mobilization initiatives. The next step is to make sure policies and systems are in place to effectively manage and protect mobile devices, data and applications while supporting the people who increasingly depend on them.

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful cybersecurity companies