As with the rapid adoption of any trend, mobile in the enterprise has generated its share of myths. It seems that for every solution enabled by mobility, there is a common misconception about user privacy, security and compliance. For instance, though Android malware generates headlines, a recent survey found that data loss was more concerning to IT, than malware (75% versus 47%)
In this article, I will define and debunk 5 of the biggest mobile security myths surrounding BYOD and mobile security and offer some advice on how to better protect your organization, and your users.
1. Mobile Malware is the Biggest Enterprise Mobile Threat
While the heavy focus on mobile malware in the news might lead organizations to view it as an imminent threat, it’s not. A recent Linkedin Information Security Community survey shows that the media hype cycle has not spilled over into enterprise IT. In fact, the survey highlighted that the large majority of organizations saw data loss as their top priority -- well ahead of mobile malware.
Mobile malware at this point is largely Android-specific nuissance-ware linked to SMS toll scams. Once you dig deeper into the details of many of these “reports” you can see that the malware issues are largely found outside of the U.S. and affecting people downloading apps from third-party stores, NOT in the Google Play Store.
2. Mobile Device Management (MDM) Provides a Foundation for Mobile Security
MDM products have certainly helped usher in the bring your own device (BYOD) era by facilitating the use of mobile devices in the enterprise. However, harvesting the device-level insights that MDM products provide can only produce a small subset of the data needed to make strategic security decisions. What enterprises require is comprehensive visibility to inform a complete mobile security strategy, not just basic device-level tactics.
Enterprises know that data on the device is half their concern; the other half is transfer of mobile data into the cloud. Therefore enterprises want to know what apps users are leveraging to access and relay data and where ultimately is that mobile data being stored; on the device or in the cloud. Gathering insights with this level of granularity allows enterprise security teams to clearly define their security risk and, as a result put the right solutions in place to manage the risk accordingly.
3. Steering Clear of BYOD Means Keeping Data Secure
Over 28% of corporate data is accessed through mobile devices and trending upward. Users access this information with specific apps, manipulate this data in others, and then potentially store it in the cloud. The result is that a specific piece of data has effectively been copied several times, and has left a digital "paper" trail everywhere. This flow of data is happening on a regular basis across the tens of thousands of mobile productivity apps regardless of the fact that a company chose to "avoid" having a BYOD program.