The good news is that the number of malware threats aimed directly at mobile computing devices such as smartphones and tablet PCs are relatively few. The bad news is that the amount of data on these devices is increasing exponentially and people have a tendency to lose things that are not permanently attached to them.
A new survey of 289 IT professionals conducted by Zogby International on behalf of IBM released at the company's Pulse conference this week shows that IT organizations are starting to comprehend the potential mobile security threat. The survey finds that 40 percent of the respondents said they are extending their endpoint security strategy to include both mobile computing and embedded systems connected to the network. Furthermore, while the majority of the respondents still view laptops as the biggest threat to security, 15 percent said that smartphones and tablet PCs are a growing threat.
The concern with mobile computing, says Marc van Zadelhoff, director of IBM Security Services in the company's Global Technology Services unit, is that it's likely that many organizations will focus too much on the wrong problem. Many of them will put most of their efforts behind deploying malware software on mobile computing devices while ignoring what happens when the device is lost or stolen. These devices now hold a significant amount of data that is usually unencrypted, notes van Zadelhoff, and in the event they are lost, most IT organizations have not put into place any kind of ability to remotely turn them off or wipe them clean of data.
In the meantime, 80 percent of respondents expect their organization to add new endpoints to their network in 2011. That number shows that the rapid pace of adoption of mobile computing in the enterprise, says van Zadelhoff, is moving a lot faster than IT organizations can adjust their security policies. The simple fact of that matter is that IT organizations will be coping with the compliance and security implications of at least one lost mobile computing device in 2011.
IT organizations, says van Zadelhoff, need to take a step back from security as usual to come up with a more proactive approach to enforcing security policies. Otherwise, IT organizations will be doing the digital equivalent of standing around waiting for an accident to happen. And when it does, there will be plenty of blame to go around.