Enterprises are increasingly concerned about the potential security risks mobile devices pose to corporate networks and data, especially as employees use the same device for both work and personal activities, according to a study that reveals the need for a layered approach to creating a holistic enterprise security strategy.
Nine of 10 organizations either provide, or soon will provide, mobile devices for employee use, with BlackBerry smartphones outnumbering all other devices.
Enterprises are trying to manage the consumerization of mobile IT. Seventy percent of employees say they are allowed to use their corporate devices for personal activities. A smaller but still significant number of workers -- 48 percent -- say they can use their personally owned mobile devices to connect to corporate systems.
Still, many enterprises are concerned about employees' mixing work-related tasks on their mobile devices with social networking, web conferencing, media sharing and other personal activities. Eight of 10 respondents believe smartphones expose their business to attack, with data leakage cited as the top security concern.
Comment from Graham Titterington, a principal analyst at Ovum and author of the report: Employees will want to use their devices, no matter who owns them, for both their work and personal lives. It is unrealistic to delineate between these uses for employees who are mobile and working out of the office for a large part of their time. That means organizations must establish a holistic security strategy that addresses the consumerization of this fast-growing channel into corporate networks and data.
But protection is spotty. Among the 52 percent of organizations that use some form of authentication for mobile users, 62 percent rely on simple user name and password sign-on. Only 18 percent use Public Key Infrastructure (PKI) certificates, and just nine percent utilize two-factor authentication featuring one-time passwords. One quarter use anti-virus and anti-malware solutions.
Comment from Mike Jones, mobile security specialist at Symantec: For many professionals, the mobile phone has become a mobile office. But that doesn't mean enterprises need to leave themselves vulnerable to data breach, malware and other threats. A layered approach to mobile security allows enterprises to protect themselves and their users at every point of access, even before a phone receives a message or data transmission.
Comment from Roger Dean, director at EEMA: As this new study bears out, putting a smartphone security strategy in place is now a business imperative. But how many organizations have the in-house expertise required to develop and implement a mobile strategy that fits seamlessly with their overall security profile?
Contact: http://www.symantec.com
No comments:
Post a Comment