Home > Risk > How secure are your mobile devices?

How secure are your mobile devices?

Information Week has published an interesting report, 2012 State of Mobility Security. Their study showed that 90% thought mobile devices were a threat to their network. The top concern by far was loss or infection of a device (see page 9 for other risks).

The report sounds an alarm, concluding that while 86% either permit (62%) the use of personal devices or are moving that way, most (69%) have issues with their mobile security policies and practices. For example:

  • 80% only require passwords
  • Just 14% require hardware encryption
  • Only 40% both limit the range of devices user can have and require that they be connected to a mobile device management system (such as Sybase’s Afaria)
  • 42% will allow any device, asking only that employees agree to company policies
  • Only 20% has systems to detect malware on all their mobile devices
  • Just 29% have an internal ‘app store’
  • 24% companies are still using WEP technology, shown to be weak by the TJ Maxx disaster, where the company paid $50m to settle with those affected by the compromise of some 45 million debit and credit card numbers.

The report should be required reading for all those responsible for IT security. It includes discussions of the technical issues together with a number of essential recommendations.

You may also want to see my review of an earlier, in-depth study by the Ponemon Institute. That identified some additional issues that require attention.

I welcome your views.

PS – if you are interested in SOX compliance, please check out my book on optimizing your program.

  1. July 2, 2012 at 6:47 PM

    Norman,

    Thanks for your comments on this subject. BYOD is definitely a risk most organization must put on their radar. On point of interest is that I believe the latest Google Android operating system (4.0/Ice Cream Sandwhich/ICS) may have built in security controls to reduce BYOD risks. I discuss it briefly and provide a screen print at the following link.

    http://goo.gl/IOqNW

  2. Earl Potjeau
    July 11, 2012 at 7:02 AM

    Norman,
    Once again spot on! The curiosity is that IT organizations historically tend to move to the technology of the moment or in this case cost solution of the moment-BYOD, much sooner than they are able to provide adequate security or governance. At some point in time you would hope that lessons of the past would be learned. My guess is that being first to exploit a technology is stronger than the need to manage risk.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: