Back in December, I wrote about the need for an army of mobile security experts to help lock down the mobile devices and the communication paths we all use. The more I read about it, the more I believe that the demand can’t be understated. Security is simply not keeping up with the way we work and communicate, and it should be easy to convince a CIO that a strong team of security gurus is far less expensive than a single multimillion-dollar security disaster that could cripple the company’s business and damage its reputation.
You know that the day-to-day grind of American business is slowly but surely migrating from desktops to smartphones, tablets and other devices. There were 264.5 million data-capable wireless devices on carrier networks in the U.S. during the first half of 2010, and they handled 161.5 billion megabytes of data, up 40 percent from the previous six months, according to the CTIA Semi-Annual Report on Wireless Trends. Gartner says the number of information workers using smartphones worldwide will grow to more than 1 billion by 2014.
Much of today’s wireless traffic consists of email and text messaging. It likely always will, but an increasing percentage of mobile corporate data consists of file attachments and information acquired directly from enterprise servers.
When you look at the applications mobile employees are allowed to use, you see a complete office on the move. A majority of workers use typical office productivity apps – plus CRM, project management, document workflow, and conferencing. Mix in a little HR, accounting and payroll, and you wonder if the airport lounge is the best place to be accessing those types of files.
Anecdotal evidence suggests that IT often doesn’t implement tight authentication procedures, even when the device manufacturers provide them in their operating systems. Part of this is because users just hate having to log in every time they turn on their phones. Data encryption, auditing and automatic security software updates are also rare in mobile apps.
Here’s What You Do
So what’s the opportunity for you? To become the security go-to person whom IT depends on to lock down mission-critical enterprise data when it goes mobile. How do you do that?
Learn how to secure mobile devices by understanding what their operating systems provide in the way of security – and how to implement it – even if employees will squawk about the inconvenience of logins and the like.
Learn how to secure the applications employees use on the go. Features such as encryption are often there. You just have to look for them and activate them.
Secure the communications path between the mobile employee and home base. That means you should become the go-to person for VPNs and firewall maintenance.
Educate the masses. No one wants to be lectured about the dangers of hacking, spying and mobile application spam. But employees need to know about the inherent risks of working remotely with sensitive data, especially if they’re doing that work on a personal gadget and not one that’s been configured and approved by IT management. The BYOD (bring your own device) trend is growing as users demand to use their own devices. That’s one more huge security threat that you, as a security guru, can help to address.
— Don Willmott