More than ever, workers are ditching standard issue corporate devices and relying on personal smartphones and tablets. And organizations are letting them do it.
For the first time, enterprises and SMBs alike are forced to secure and manage an explosion of disparate personal mobile devices now used for business-related functions.
The problem represents a unique challenge for CISOs and IT administrators. They want to keep their workers happy and productive, but as more employees work remotely and work while traveling, these security managers are also tasked with keeping confidential corporate information from walking out the door.
And while the challenge is daunting, it opens up new opportunities in a growing market for security solution providers.
These partners say that the adoption of mobile devices in the workplace provides one more platform to offer and install mobile security solutions such as endpoint protection and encryption, as well as specialized monitoring services, updates and remote device wiping. More and more, they say they're able to provide these services remotely and from one centralized management console.
In addition, the expansion to mobile security considerations offers new opportunities for partners' consulting services, including mobile best practices and use of strong passwords.
"The acceptance of data access from anywhere with any device will eventually be required," said Jason Wingert, executive director at Cincinnati, Ohio-based PCMS Datafit. "The biggest mistake is not taking action now to prevent the security challenges [devices]create."
The new mobile security challenges are unmistakable.
According to a recent Symantec "Consumerization of IT" survey, 63 percent of respondents said their company allows employees to use the smartphones of their choice for work-related activities and 91 percent of respondents said that their company allows employees to use their work-related smartphones for personal use as well as business-related tasks. However, only 51 percent said that their employer has communicated policies and/or best practices to them regarding the security of their smartphones.
The biggest mobile threats continue to be accidental data loss. "The most common security problems on mobile devices continue to be the mundane ones, losing your phone, having it stolen or dropping it in a lake. Good backups are always the first thing to worry about," said Mikko Hypponen, chief research officer at F-Secure.
Experts say the biggest headache for enterprise organizations is managing and supporting the explosion of disparate mobile devices used in the workplace -- a monumental task that often includes being able to control and access information, inventory the devices, apply policies, add and delete e-mail account, as well as secure the information on the devices.
"Today, the issue is really management. It's being able to say yes to these devices and determining what they're saying yes to," said John Engels, principle group product manager of enterprise mobility at Symantec . "What are they going to do when people leave the organization? That's where mobile management seems to be the critical point for many customers."
Thus far, mobile malware still represents just a fraction of the total of PC malware. Tim Armstrong, malware researcher at Kaspersky Lab , said that researchers detect around 40,000 pieces of PC malware per day, compared to the 4,000 total pieces of mobile malware that are currently circulating on the Internet.
However, data loss due to mobile malware poses a salient and growing threat, while mobile security attacks are accelerating, in part due to the fact that mobile devices are more susceptible to loss and theft, and, unlike PCs, remain largely unsecured, experts say.
"Compared to the PC market, where almost every PC user has a security program installed, the use of security applications in mobile devices is not widespread. Thus, although the threat posed by malware to the mobile handset is likely to be less, the need for protection will be driven by the threat of data loss and theft," said Nitin Bhas, research analyst at Juniper Research. "Most enterprise-owned devices have access to corporate networks and data. This is proving to be the biggest potential threat vector."
Next: Customer Concerns