With smartphones and tablets becoming increasingly popular, more and more enterprises are adopting a bring your own device (BYOD) strategy to build the connected mobile enterprises of the future. However, some IT managers are still concerned that if a large percentage of mobile workers use their own unsecured mobile devices for work, it could lead to IT security issues. They think that enterprise security challenges will multiply with the adoption of BYOD.
I believe many of these concerns are based on misconceptions about mobile security. With an effective security strategy, mobile computing delivers real gains to the enterprise in terms of productivity, efficiency and more engaged mobile users. In this blog post I want to demystify five of the most popular myths about mobile enterprise data security, user privacy and IT policy compliance.
Myth 1: “BYOD users are security problems.”
Even if you don’t enable a BYOD policy for your organization you are at risk of employees using personal mobile devices to access and manipulate enterprise data through the use of specific apps. By implementing BYOD you are not only securing your data against unauthorized access but increasing employee productivity by enabling new ways of performing tasks. By taking a comprehensive view of enterprise mobile security, organizations can reduce risk and reap the rewards of a more engaged, connected mobile workforce. Safeguarding the corporate network and assets—which can include mobile identity and access management, security enabled connectivity and network protection—may be your starting point.
Myth 2: “Enabling BYOD adds to the increasing complexity of IT environments.”
Enterprises have already been using BYOD in one form or another by providing corporate-owned mobile computing assets to employees or by allowing them to work from home by connecting through a virtual private network (VPN). The only thing that’s changing with the new form of BYOD is allowing personally owned devices to have secure access to your enterprise network. You can adopt a set of best practices to control these unsecured devices using a unified endpoint management solution like IBM Endpoint Manager. The improved flexibility and enterprise agility that BYOD provides outweigh the cost of managing complex IT environments.
Myth 3: “Mobile security is a primary technology challenge.”
It can’t be denied that hackers are finding new ways of attacking mobile devices, but that shouldn’t be a hindrance to adopting BYOD. Threats can emerge even to your existing systems. Mobile security should be viewed as a comprehensive system that includes protecting the device and safeguarding the network, data and enterprise systems. Consider using a mobile device management (MDM) solution for software distribution, patch management, anti-malware protection and anti-virus updates to secure devices in your network. With MDM you gain complete visibility and control over mobile devices with detailed hardware and software inventory, location, network and usage data. MDM can enable IT to have visibility and control over multiple devices, which can help ensure that your organization reaps the productivity rewards of mobile computing. A robust MDM infrastructure can bring mobile computing into compliance with IT security policies.
Myth 4: “Mobile transactions are less secure.”
The majority of security breaches, including SQL injection, URL tampering and phishing, come from the application layer itself. These vulnerabilities are not new; they have existed for years, even with traditional platforms. The root cause is development teams failing to check for all potential security threats at the application development step—developers often lack a security focus. You can reduce the cost of security vulnerabilities by finding them early in the development lifecycle. To identify security vulnerabilities in your mobile applications you can use powerful yet simplified solutions like IBM Security AppScan. AppScan detects potential security issues early in the application development lifecycle, thus securing your applications from the ground up and making mobile transactions more secure.
Myth 5: “Corporate data isn’t secure on personal mobile devices.”
IT managers who have allowed personal devices express concerns about security threats to corporate data due to loss of mobile devices, data integrity compromises and accidental sharing of sensitive confidential information over social media. But if we think closely, these are more or less the same concerns that exist even with traditional computing infrastructure. What’s different about mobile devices is their mobility. Mobile devices provide new channels for data access inside and outside enterprise firewalls. While as an IT manager you have full control over corporate-owned devices, personal devices need to be managed differently. You need to respect the privacy of users and secure only the corporate data on personal devices, using a different set of configuration and security settings than required on corporate-owned devices. When an employee leaves the organization or wishes to relinquish access, you must wipe out all corporate data stored on the device while leaving personal content untouched. Given that mobile devices are more prone to loss or theft, you must enable device wipe and lockdown features in order to build a highly secure platform.
Learn about our IBM MobileFirst offering and how IBM can help you build a secure mobile enterprise. Also make sure you follow IBM Mobile on Twitter and stay updated about how IBM is helping enterprise customers keep up with mobile technology. You can follow me, @dileepsharma, on Twitter to talk more about mobile enterprise security.