Reducing mobile security risks
Mobility may be a fact of life in just about all enterprises, but that doesn’t mean IT organizations aren’t concerned about its impact on security and compliance. Even as more organizations embrace the use of mobile devices by employees and customers to access services and applications, a new survey indicates that IT professionals are wrestling with heightened security risks – and are looking for help.
The debate is over: Use of mobile devices such as notebooks, tablets and smartphones is trending up – way up – in enterprises of nearly all sizes and in all industries. Research indicates that 62% of U.S. employees use a smartphone to access company applications and services, and 54% of respondents to another study indicated they are increasing application development for mobile devices.
Two-factor authentication, single-sign-on and audit-trail software are three ways IT organizations may try to shore up their potential security vulnerabilities
Global tablet use for business workloads also is on the rise; nearly 20% of worldwide tablet purchases will be made directly by enterprises by 2017.
The dark side
But there’s a dark side to that increased reliance on mobile devices throughout the physical and virtual enterprise: much higher vulnerability to data breaches, malware and compliance violations. IT organizations and their users understand that stark reality. For instance, 90% of U.S. federal government employees are using mobile devices in the workplace, but just 11% of those employees are adhering to mobile security best practices.
How has increased mobility affected your risk profile for security breaches, data loss and compliance?
That disconnect isn’t limited to the public sector: In industries such as retail, health care, financial services and many others, IT organizations are straining to provide a more flexible and satisfying experience for employees and customers by supporting mobile devices, while still ensuring a safe, secure and compliant environment.
A new study, based on responses by 140 IT professionals that are registered members of TechTarget Web communities, sheds valuable light on this challenge, and offers insights into some of the steps organizations are taking to tame the mobile security beast.
What organizations are doing about it
Two-factor authentication, single-sign-on and audit-trail software are three ways IT organizations may try to shore up their potential security vulnerabilities associated with increased use of mobile devices.
Some key takeaways from respondents on each of those solutions:
Two-factor authentication is used in most respondents’ organizations for mobile device security, but it does not appear to be an enterprise-wide solution.
- 35% of respondents said it was a company-wide requirement for employees’ devices, but another 31% said it was used only for certain applications or levels of employee access.
- A higher percentage of respondents—44%—said they require their customers to use two-factor authentication for accessing services from their mobile devices.
Protecting data with single-sign-on capability is definitely worth the cost and effort associated with deploying and managing that functionality.
- 35% of respondents said it was “absolutely” worth it, while another 37% said it was “usually” worth it.
Two thirds (66%) of respondents said it is important for their organizations to use audit-trail software or services to track employees’ access to online or cloud applications.
What keeps IT professionals up at night when it comes to how increased use of mobile devices impacts security and compliance? Respondents put user-based malware, lost/stolen devices, accessing inappropriate content and social media as their biggest areas of concern.
How extensively do employees use multiple mobile devices for work?
Mobility may be a fact of life in just about all enterprises, but that doesn’t mean IT organizations aren’t concerned about its impact on security and compliance. In fact, while acknowledging that their organizations increasingly support mobility in a wide variety of ways, survey respondents are clearly concerned that their risk profiles have been made more vulnerable and that they need to do more to alleviate their concerns.
Smart devices, mobile phones and tablets are becoming the control hub for the myriad of connected devices and the Internet of Things (IoT) – as are bring-your-own-device (BYOD) policies in many organizations today. But this is creating unique and heightened security risks for IT professionals, such as higher exposure to data breaches, malware and compliance violations. BYOD is no longer an industry trend; it’s a fact of life for enterprise-wide operations and the IT organizations that must support them.
Recently, TechTarget and HID Global did a global study of IT professionals to shed light on this challenge. The white paper, As Enterprise Mobility Usage Escalates, So Does Security Risk, offers insights into some of the steps organizations are taking to tame the mobile security beast.