Mobile devices pose a security risk for enterprises because they are easily lost or stolen, and thousands are expected to disappear during the Olympic Games in London this summer.
Approximately 60,000 mobile phones will be lost or stolen during the London Olympic Games, and 27,000 of those will be smartphones, according to Venafi, a Sandy, Utah-based encryption and certification management company.
Venafi's data is sourced to various online media sources and is not scientific, but the estimates underscore an important point about the era of mobility: Enterprises need strong user mobile device training on acceptable uses, a robust bring your own device (BYOD) policy and secure technologies to protect sensitive data.
"This is the problem with the iPhone syndrome," said Craig Mathias, mobile analyst with the Ashland, Mass.-based Farpoint Group. "Once the iPhone appeared, all of a sudden there are devices running rampant on the network; and if organizations don't have a handle on them, nothing else they do to protect data will matter."
Cloud and mobility have erased the concept of the secure perimeter because employees can access corporate data from unsecure networks while sitting in a coffee shop, said Benjamin Robbins, principal at Seattle, Wash.-based Palador Inc., an enterprise mobility consulting firm.
The BYOD trend compounds the risk because IT has less control over employee-owned devices than they do over corporate-owned devices.
While the BYOD discussion typically centers on smartphones, the problem extends to any employee-owned device that is portable and can connect to the corporate datacenter from outside the firewall. No matter the device, sharing corporate data has become very simple to do, Robbins said.
"Dropbox and that share button is so natively integrated into the device and easy to use that when it comes to work purposes, how do you not just use it?," he said.
In fact, 60% of employees frequently move large files containing business-confidential information to cloud storage and file syncing services such as Dropbox without asking permission, according to a survey by the Ponemon Institute, a research firm based in Traverse City, Mich. A little more than half of respondents to the survey of 622 IT and security professionals acknowledge this activity could result in the leakage of confidential information because those applications are used on mobile devices.
Mobile device security policies
Mobile device security requires the participation of the entire business -- not just IT, Mathias said. Modern enterprises run on information; and without the right management, policy and attitude in place, employee mobile device practices will conflict with information security, he said.
More on mobile device security
Mobile traffic of Olympic proportions: Is your enterprise prepared?
Acer meets London 2012 Olympic challenge head-on
Mobile device security overview
With that, IT has to treat mobile security the way airports do, with layers of security extending to the devices, apps and back to the data center, industry watchers said.
"Before you allow any information onto mobile devices, organizations have to set policy, figure out what business goals they are trying to accomplish, the costs involved, risks involved and more," Mathias said. The conundrum, he noted, is that operational productivity and IT security are often at odds with one another even though they should work together.
Even so, mobile device security is something enterprise IT "needs to give attention to," Robbins said.