Bring-your-own-device (BYOD) programs and cloud computing — two of the biggest enterprise trends from the last couple of years — go hand in hand. Employees want to be given the latitude to use their smartphones for work, and they want to have round-the-clock access to data and applications.
For businesses, there are obvious advantages to both cloud computing and BYOD programs in terms of cost savings, schedule flexibility and improved efficiency — but there is also risk. CDW’s 2013 State of the Cloud Report indicates that 46 percent of the IT decision-makers polled have concerns about the security of proprietary data or applications.
Despite those concerns, the consumerization of IT shows no signs of slowing. A recent Gartner survey found that 70 percent of survey respondents are planning to create BYOD policies within the next year.
Dionisio Zumerle, principal research analyst at Gartner, points out that just as BYOD transforms the enterprise, it must also transform the mobile-security mindset.
“Shifting from an enterprise-owned mobile device fleet to having employees bringing their own devices has a major impact on the way of thinking and acting about mobile security,” he says. “Policies and tools initially put in place to deal with mobile devices offering consumer-grade security must be revised to deal with these devices being under the ultimate control of a private user, rather than the organization.”
Predictions about the growing threat of malware in mobile computing have been consistent, but it has largely been perceived as a consumer threat.
Android, Google’s mobile platform, is the main target because its market share is over 70 percent, according to Strategy Analytics. Google’s open-door policy with its Google Play store has allowed many unsavory proprietors to spread their malware across the Android ecosystem. Unfortunately, the belief that the risk of malware infiltration has been exaggerated has led to a boy-who-cried-wolf indifference to the mobile-malware threat.
But no business should get too comfortable, because a diverse, evolving wave of new malware is emerging, intent on mobile espionage and privacy invasion.
While many malware proprietors are still focused on the desktop, they’re not ignoring the BYOD trend. The possibility that the wolf will show up in your company should be taken seriously.
Without a sensible usage policy in place, and mobile device management software to actually enforce it, businesses may unnecessarily expose themselves to risk.
For starters, are your employees using password security on their devices? Is there a lock-screen time-out or a limit to the number of times a wrong password can be entered? Employees may visit dubious websites or inadvertently install apps that contain malware. Does your company use any malware-detection or antitheft tools to sniff out intruders?
Businesses should maintain ownership over company data that is on an employee’s device. Remote lock and remote wipe functionality, if a device is lost, are two good features to start with on that front. However, the legality of wiping an employee’s device is still being questioned, and strictly targeting business data for deletion can be difficult.
Device theft and loss are obvious concerns for any company, but a hacker can use malware to collect all of the details needed to access your network. They may not even use the device itself as a gateway, but merely leverage it as a way of obtaining the keys to the kingdom. This kind of data theft could go unnoticed until there has been a substantial loss.
That’s why it is critical that businesses first recognize the threat and then assess their exposure and deal with it by educating staff and implementing a solid mobile device management policy.