Mobile Security: Shedding Light On A Topic Usually Shrouded In Dark


The ever-increasing move by users to use their own mobile devices and their own applications in the workplace is bringing on security issues so significant that businesses often don't even recognize them.

That's the message from Jack Gold, principal analyst at J. Gold Associates, a Northborough, Mass.-based consulting firm, who told attendees at this week's XChange Solution Provider conference that issues related to mobile security will only grow over time.

"Everyone talks about mobile security," he said. "But it's not secure. A lot of companies don't know what they don't know."

[Related: Mobile Device Management Vendors Tackling BYOD Challenges With Beefed-Up Security]

While businesses that look at issues related to mobile security focus on the BYOD (bring your own device) trend among their users, they need to focus even more on the BYOA, or bring your own application, side, Gold said.

"Can these apps be trusted?" he said. "You don't know. Especially if you go into an app store with thousands of apps."

The main problem is the difference in priorities between IT departments, which focus on security and policies, and users, who focus on convenience, Gold said.

"The problem is, in a lot of organizations, IT tends to be dictatorial," he said. "End users always find a way to do what they want to do."

Gold said there are three pillars that must be in place for true mobile security, including the security itself, policies built around security requirements, and user acceptance of the policies, and that missing any one of them, especially user acceptance, will doom security measures, Gold said.

Success comes from balancing the risks of loose security with the rewards users receive from being able to choose their own devices and applications, he said. This leads to a security gap where more control by the IT department leads to more security while more user choice leads to less security.

"Most companies do a really poor job -- and I'm being kind -- of managing and even understanding this gap," he said. "And that means opportunity for [the channel]."

Getting user acceptance is a huge hurdle, said Chris Johnson, medical IT consultant at Untangled Solutions, a Santa Monica, Calif.-based solution provider with a primary focus on  customers in the medical industry.

Johnson said that in presentations to customers he likes to draw a sliding scale ranging from no security on one end to crazy, all-out security on the other.

"In the middle is the user," he said. "As the slider moves toward more complicated security, users will more likely go off and do their own thing. So the security risk is actually increased."

 

NEXT: Seven Critical Steps To Mobile Security