Mobile Security and BYOD Are Security Areas to Watch

Sue Marquette Poremba
Slide Show

Six Mobile Security Issues in 2012

When security experts were making their 2012 threat predictions, the rise in mobile malware and the increasing need for better mobile security were high on everyone's list. BYOD - bring your own device - was beginning to make its way into the security discussion.

 

Now it appears these two important issues are moving to the front of the security discussion. Or, at least they are being considered serious enough that I've noticed two things happening.

 

First, at the RSA Conference 2012, mobile security will, for the first time ever, be given its own session track. Last year, I was able to sit in on a number of sessions and interviews where mobile security was discussed, but it was in addition to the topic at hand, not the primary focus. This year, it will be a primary focus - and based on the number of announcement emails I've received over the past month, we can expect a lot of announcements regarding the latest in mobile security applications, ideas and concerns.

 

And now, you can't talk about mobile devices or mobile security issues without discussing BYOD. According to a SearchSecurity.com article:

The BYOD phenomenon has also created a myriad of legal and technical challenges for enterprises. How does an enterprise ensure standard security best practices are enforced without putting severe restrictions on an employee's personally owned device? RSA 2012 offers at least six sessions addressing BYOD issues.


The second thing I noticed that has put mobile security and BYOD into the spotlight is the number of surveys coming out focusing on these issues. You don't conduct surveys unless a topic has grown into a major concern or issue, so the fact that yesterday I saw three brand-new surveys on mobile security, BYOD or both tells me just how much people are thinking - or how much security experts want businesses to be thinking - about these issues. A sample of these surveys include:

 

 

 

  • And finally, Symantec released its 2012 State of Mobility Survey. The survey highlighted an uptake in mobile applications across organizations with 71 percent of enterprises at least discussing deploying custom mobile applications and one third currently implementing or have already implemented custom mobile applications. It also said that 41 percent of survey respondents identified mobile devices as one of their top three IT risks.

 

No doubt I will be talking more about mobile security over the coming year, as I have for the past year or two. But I do believe, between the RSA and surveys, we are beginning to scratch the surface when it comes to the importance of mobile security in today's workplace.



Add Comment      Leave a comment on this blog post
Feb 23, 2012 7:08 AM Spencer Parkinson Spencer Parkinson  says:

As a Symantec employee involved with the State of Mobility survey you mention above, I completely agree with your assessment that the mere fact such surveys are being produced is an indication that mobile security and BYOD are becoming mainstream in the workplace. I think the results of our survey speak to that as well.

Spencer Parkinson

Symantec

Reply
Feb 29, 2012 12:18 PM Adam Greenblum Adam Greenblum  says:

It's possible to address security concerns and still implement BYOD.  What's needed is to separate the Enterprise apps and data from the personal devices. This can be achieved with a solution like Ericom's AccessNow, a pure HTML5 RDP client that enables remote users to securely connect from various devices (including iPads, iPhones, Android devices and Chromebooks) to any RDP host, including Terminal Server (RDS Session Host), physical desktops or VDI virtual desktops-and run their applications and desktops in a browser. This keeps the organization's applications and data separate from the employee's personal device.  All that's needed is a HTML5 browser.  No plug-ins or anything else required on the user device.

AccessNow also provides an optional Secure Gateway component enabling external users to securely connect to internal resources using AccessNow, without requiring a VPN.

For more info, and to download a demo, visit:

http://www.ericom.com/html5_rdp_client.asp?URL_ID=708

Note:  I work for Ericom

Reply
Mar 7, 2012 7:06 AM Giri Giri  says:

Sue, nice post. One thing I'd like to point out is that our findings at Mobilisafe are from real customers, real employees and real data from our private beta program. We see this as a much stronger signal than surveys.

Reply
Mar 21, 2012 10:01 AM tye tye  says:

I agree that there is no one size fits all MDM solution for business IT.

Being in the medical industry, we are dealing with the bring your own device ( byod ) issue from an HIPAA stand point, and how it applied to hospitals who are dealing with doctors and nurses who are texting patient information and files.

I think this is also a big issue for any business, your workers BYOD devices not only get hacked, but they are frequently lost or stolen, and much of the emails and texts are on the phone!

While the large enterprise solutions like Centrify have a deeply integrates system where the IT department takes control of the device or provides workers with devices, in a hospital and business setting I think people will have a large issue with this.

Looking around, we did find a way to at least protect text messaging and protect the hospital from lawsuits concerning HIPAA issues related with BYOD by using Tigertext ( www.tigertext.com ); which while not as integrated as the large enterprise solutions, offers some really good benefits:

Closed network for sending texts, messaging can be archived on your own sever. Messaging deletes itself after a period of time, so losing the device will not open you up to HIPAA related PHI lawsuits

Seems to be a much lower cost solution

really easy to implement, very low cost

Doctors still feel they control their phone and personal information

Anyways, I think that this is going to be a major business security issue of the next few years, and IT managers are going to have to look at all the alternatives for the various uses of BYOD communication and security.

Resources:

http://byod.us/

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html

http://www.tigertext.com

Reply
Sep 27, 2012 12:15 AM naseba1 naseba1  says:
As the hub of oil and gas in the Middle East, the need for secure networks in Saudi Arabia is of paramount importance. To highlight this need, the country aims to spend over US$ 33 billion on digital security in the period 2007-2018. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.