Tip

Top five mobile security concerns with consumerization

The consumerization of the enterprise has magnified some long-standing enterprise mobile security concerns, and it's brought in a handful of new ones that are weighing on IT pros and users alike.

Consumerization up-ended corporate mobile device procurement, requiring an overhaul of associated IT policies and processes. But what are the most pressing concerns introduced by users' personal smartphones and tablets? A recent Trend Micro survey (.pdf) of 600 companies with at least 500 employees yielded this list: security risks, data loss, compliance, personal data and privacy. If you're supporting mobile devices or preparing to do so, consider these top five mobile security concerns and find out how to address them.

Security risks

In the past, IT offered employees only enterprise-ready smartphones that were proven securable, manageable and capable of meeting business needs. Now, IT pros worry that consumer-owned smartphones and tablets aren't capable of supporting existing policies.

But IT can establish acceptance criteria and embrace personal devices that meet requirements for business use, such as device type and OS version. Not comfortable with devices running Android 4.1 or older? Block network, system and data access for those devices. Or, better yet, establish a policy that gives higher-risk devices limited access, such as virtualized interaction with corporate email.

Data loss

It's undeniable: Mobile devices are often lost or stolen. Devices that you have granted access to business networks, systems and data become a major concern when they fall into the wrong hands. Today, consumer-grade devices have features to address this concern, including passcode locks, data encryption and remote wipe capabilities. Nevertheless, IT may still be concerned about how to enforce the use of these features.

Fortunately, many tools are available to let IT control mobile device lock, encryption and wipe capabilities. At a minimum, employers that grant users access to corporate email from their mobile devices can use Microsoft ActiveSync policies to prevent access from devices without passcodes or encryption, or to send a remote wipe request. Companies with more advanced needs can require workers to enroll their devices in an enterprise mobile device management (MDM) system, automating mobile security policy provisioning and ongoing enforcement.

Compliance

Even with basic data loss protection, ensuring compliance with broader IT-defined mobile security policies can still be a challenge. Without ongoing monitoring, employees may change passcodes or inactivity timeouts for personal convenience. They may remove other IT-provisioned restrictions, such as re-enabling application installation from unofficial sources. Workers install dozens of third-party applications on their devices, so it is likely that some adware or malware will appear, posing risk to the corporate network, servers or data.

Ensuring compliance on users' devices requires visibility into each mobile device's settings, applications and activities. Companies that enroll devices in MDM tools can monitor devices and enforce compliance. For example, many MDM tools can periodically query installed applications to ensure that required applications stay installed and that no applications are carrying malware. When a device becomes non-compliant, MDM tools can take steps to insulate corporate assets: they can display a notification to a user who tries to remove enterprise applications, or they can use network settings to quarantine the device.
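The acceptance criteria, minimum lock and encryption requirements, and ongoing compliance checks described in the sections above can be expressed as one tiered access decision. The sketch below is an added example, not code from this article or from any MDM product; apart from treating Android 4.1 and older as higher risk, the policy thresholds, field names, app IDs and device records are constructed assumptions.

```python
from dataclasses import dataclass

POLICY = {  # constructed policy; thresholds and app IDs are assumptions
    "min_os": {"android": (4, 2), "ios": (7, 0)},  # iOS floor is assumed
    "max_timeout_s": 300,
    "required_apps": {"com.example.mdm.agent"},
    "blocked_apps": {"com.example.adware"},
}

@dataclass
class Device:
    platform: str
    os_version: str
    passcode_set: bool
    encrypted: bool
    timeout_s: int
    unknown_sources: bool
    apps: set

def parse_version(text):
    """'4.1.2' -> (4, 1, 2), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def evaluate(dev, policy=POLICY):
    """Return (tier, findings); tier is 'full', 'limited' or 'quarantine'."""
    critical, minor = [], []
    if not (dev.passcode_set and dev.encrypted):
        critical.append("passcode or encryption missing")
    critical += [f"required app removed: {a}" for a in sorted(policy["required_apps"] - dev.apps)]
    critical += [f"blocked app installed: {a}" for a in sorted(policy["blocked_apps"] & dev.apps)]
    floor = policy["min_os"].get(dev.platform)
    if floor is None or parse_version(dev.os_version) < floor:
        minor.append(f"{dev.platform} {dev.os_version} outside accepted OS baseline")
    if dev.timeout_s > policy["max_timeout_s"]:
        minor.append("inactivity timeout too long")
    if dev.unknown_sources:
        minor.append("unofficial app sources enabled")
    tier = "quarantine" if critical else "limited" if minor else "full"
    return tier, critical + minor

DEVICES = {  # constructed sample inventory, keyed by owner
    "alice": Device("android", "4.4.2", True, True, 120, False, {"com.example.mdm.agent"}),
    "bob": Device("android", "4.1.2", True, True, 120, True, {"com.example.mdm.agent"}),
    "carol": Device("ios", "7.1", False, True, 600, False, {"com.example.mdm.agent", "com.example.adware"}),
}

if __name__ == "__main__":
    for owner, dev in DEVICES.items():
        print(owner, *evaluate(dev))
```

Findings that expose corporate data directly (no passcode or encryption, a removed required app, a blocked app) quarantine the device, while configuration drift and an older OS only reduce it to limited access.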

Personal data

Workers may not object to IT-defined or -enforced mobile security policies, but they may still be concerned about the integrity of their personal photos, music, contacts and applications.

To address this concern, mobility management tools have evolved to better segregate personal and business data on users' personal devices, providing IT tighter control over the safety of business data without endangering personal information. For example, most MDM products now support "enterprise wipe," which removes only MDM-installed settings and applications instead of remotely wiping the entire device. Alternatively, IT may place enterprise data in an authenticated, encrypted data container that can be disabled or removed without requiring workers to give IT remote wipe permission.

Privacy

Finally, both employers and employees may have reservations about how security measures will interfere with users' personal privacy. Individuals may find some types of ongoing IT monitoring intrusive, such as logging personal communications or off-hours locations.

Some employers address these concerns through written mobile security policies that detail how IT can and cannot use information gathered from mobile devices. A better option is to apply more limited security measures, such as disabling location tracking unless (or until) a device is reported stolen. As a rule, IT should avoid querying or logging users' activity unless there is a defined business need to do so.

As more companies strive to embrace consumerization and accept the bring-your-own-device movement, these steps can help IT departments address today's most pressing mobile security concerns. Over time, devices and needs evolve, and so should each organization's approach to mobile security.

This was first published in November 2013
