CISOs are in a Mobile Mindset, but Plenty of Work Remains
With the end of 2011 upon us, one thing is sure: the mobile revolution is in full swing. Smartphones and tablets are everywhere.
In fact, according to the analyst firm Gartner, sales of smartphones will exceed 461 million this year – surpassing PC shipments in the process – and rise to 645 million in 2012. Combined sales of smartphones and tablets will be 44 percent greater than the PC market by the end of the year. Beyond 2011, Gartner says the rise in tablet use will jump to 900 million by 2016.
These devices are not just becoming mainstream, they are penetrating nearly every aspect of our lives. More importantly, for many the line between personal and business devices has been blurred, or erased altogether. More often than not, a single device is used for both personal and business activities, with Gartner also predicting that 80 percent of professionals will use at least two personal devices to access corporate systems and data by 2014.
It’s not just employees who see the value in mobile computing. A recent IDG CSO Quick Poll survey commissioned by Symantec found that CISOs strongly believe mobile computing is important to their organizations. In fact, nearly 90 percent of CISOs feel mobile devices should be treated as equal endpoints with desktops and laptops.
However, the security challenges mobile devices create – especially personally-liable devices associated with a BYOD program – also weigh heavily on CISOs’ minds. According to the same Symantec-commissioned study, the majority of CISOs say they can provide email to mobile devices securely, but one-third are not comfortable securing additional information sources and apps beyond email for mobile devices. Given that employees are sure to use mobile apps in connection with corporate data, this is a critical area in the near and mid-term for CISOs. The survey also found that one-third of IT departments have not yet stepped up to secure personally owned devices connecting to their networks.
So what areas do CISOs see as their biggest priorities when it comes to securing mobility? First up, 90 percent of CISOs surveyed identify protecting information on devices as a must-have. Data loss prevention (DLP) technology is a leading choice here. They realize that such rapid adoption of smart mobile devices is leaving their organizations vulnerable to data loss from insiders, both malicious and well-meaning. With smartphones and tablets in hand, insiders can potentially fly under the radar of IT to access and send sensitive corporate data, and in the case of the malicious insider, steal highly confidential intellectual property.
Next, 89 percent identified authentication as a must have. This includes users being authenticated to their devices and to network, information and application resources. Users often save login credentials to the device itself, making access to sensitive data and corporate resources only a click away. This however can be dangerous as well. Authentication helps prevent unauthorized users from reaching these assets.
Finally, 88 percent said security policy-setting and enforcement is a must-have. Mobile device management (MDM) solutions are a key tool to accomplishing this. Another priority area for CISOs where MDM can play a role is in the separation of personal and corporate data.
Overall, the poll showed that enabling secure, well-managed mobility has become a priority for CISOs, but that this is only the beginning. They must now move beyond making it priority and take action to implement the solutions and policies that will protect their organizations’ sensitive information from danger.
How are you taking action to secure mobility in 2012?