As more organizations allow the use of personal devices in the workplace, questions of risk and security remain. A recent study looks into the state of mobile security and it looks as if there is more work to be done.
Information Week has published an interesting report, 2012 State of Mobility Security. Their study showed that 90 percent thought mobile devices were a threat to their network. The top concern by far was loss or infection of a device (see page nine for other risks).
Bumpy Roads to Security
The report sounds an alarm, concluding that while 86 percent either permit (62 percent) the use of personal devices or are moving that way, most (69 percent) have issues with their mobile security policies and practices. For example:
- 80 percent only require passwords.
- Just 14 percent require hardware encryption.
- Only 40 percent both limit the range of devices user can have and require that they be connected to a mobile device management system (such as Sybase’s Afaria).
- 42 percent will allow any device, asking only that employees agree to company policies.
- Only 20 percent has systems to detect malware on all their mobile devices.
- Just 29 percent have an internal app store.
- 24 percent of companies are still using WEP technology, shown to be weak by the TJ Maxx disaster, where the company paid US$ 50m to settle with those affected by the compromise of some 45 million debit and credit card numbers.
The report should be required reading for all those responsible for IT security. It includes discussions of the technical issues together with a number of essential recommendations.
You may also want to see my review of an earlier, in-depth study by the Ponemon Institute. That identified some additional issues that require attention.
I welcome your views.
Editor's Note: Norman writes regularly about security issues in the workplace. You may also be interested in reading:
-- Mobile Risks and Opportunity: Is Your Company's Strategy Optimized?