InformationWeek recently released a study titled “Mobile Security: All About the Data”. In the report, they examined the mobile security concerns of organizations, and found a trend – security is becoming more focused on the data and less so on the device.
The top security concerns of organizations participating in the study were:
- Data loss due to lost or stolen devices – 72%
- Users forwarding corporate information to cloud-based storage services – 40%
Ok – so those results actually make it look like the top issue is still the device, especially when the previous year’s results for the same question were 78% and 36% respectively. So, where is the focus on data?
The focus on data can be pinpointed to two factors: BYOD and workflow. Because workers are more often using their own devices, there is a legitimate risk of corporate data becoming mixed with personal data. In addition, employees are less likely to report lost or stolen devices for fear of a remote data wipe when they are not yet 100% sure the device is permanently lost. However, the time lost to indecision increases the risk of a data breach if the device is in fact lost or stolen.
The second big reason behind data-focused security is workflow. Employees are always looking for ways to make their workflow easier, and many are turning to document and data sharing via consumer-grade cloud-based storage services to access their work from anywhere. Mobile security solutions need to provide the means to control data sharing, especially when sent to a mobile device or cloud storage service like Dropbox. At the very least, data encryption should be enforced on sensitive data leaving your secure network.
Last week John Sawyer, the author of the report, and Charlie Pulfer, TITUS VP of Mobile Technology, presented a webinar discussing the issues around data-centric security on mobile devices. The key to securing data on a mobile device is ensuring the information has a clear identity – or classification – which security systems can leverage to enforce policy. For example, TITUS Mail can prevent users from receiving sensitive emails on a mobile device. Likewise, TITUS Docs can prevent documents of a specific sensitivity from being shared to cloud storage services. It’s an informative webinar, I suggest you set aside an hour to learn more.
What are the top mobile security concerns in your organization?