However, the bring-your-own-device (BYOD) movement has exponentially increased the demands on IT organizations for security on a myriad of platforms.
Right now it’s critical to maximize potential and minimize risk, as employees use their own mobile apps regardless of compliance. Consider these stats listed in the white paper Enterprise Mobile Security: Rock Solid or At Risk?
- 61% of workers use social networking services not supported by their IT departments
- 43% chat on non-supported IM services
- 26% employ their own online collaboration tools
What does this mean for the security of your business data?
The most obvious (and preventable) pitfall is that mobile devices are easy to lose or steal. A misplaced iPhone might cost $400. However, lost data could mean tarnished intellectual property and bad press, the damage of which is unquantifiable. With approximately 70% of all enterprise data residing on a mobile device, this becomes an expensive problem. A data breach runs about $258 per record for mobile devices.
With this in mind, organizations should strive to protect data, not devices.
According to Larry Ponemon, chairman and founder of Ponemon Institute, only 53% of companies had a mobile policy in place, and approximately 16% had a policy that encompassed the entire enterprise.
The building blocks for an effective mobile security strategy
Even though these steps seem obvious, these capabilities can mean the difference between a minor nuisance and an arduous lawsuit:
- Mandatory password-based entry
- Remote wipe
- Access to safe, quality apps, granted based on roles and privileges
The key is to never be lulled into a false sense of security by a one-size-fits-all solution, because you can’t rely on technology alone. By developing sound policies, you can address your company’s specific needs, such as device standards, IT support, financial responsibilities, and legal implications.
Here are some areas that should be considered when creating your own BYOD policy:
- Device Use: Define which devices will be allowed.
- Authentication: Install digital certificates on devices and support end-to-end encryption through a VPN so you can track the user’s identity, device, and location.
- Remote Wipe: Employ this if a device is lost or stolen — or if an employee leaves the company.
- User Data: Specify who owns and controls what data.
- Apps: Provide employees with a list of apps that are allowed — as well as those that can’t be used.
- Approval Procedure: Offer a procedure for approving new devices and apps in a rapidly changing mobile environment.
For optimal mobile security, organizations have to combat both internal and external threats. They must also accept that there is no perfect solution, and strategies need to evolve with technology. Now more than ever before, it’s expected that organizations incorporate numerous security tools, but never lose sight of the human factor.