In the first two parts of our report on the "2012 State of Mobile Security" survey by InformationWeek Reports, we looked at how bring-your-own-device (BYOD) policies are leaving companies vulnerable, and how CIOs can bolster mobile security. In Part 3, we explore BYOD security concerns.
First, it was the veritable explosion in mobile computing. That led, rather naturally, to the proliferation of BYOD policies. So it probably doesn't come as a shock that mobile networks are now subject to the same cybersecurity risks as traditional wired networks.
What may come as a surprise, however? Some organizations are still "burying their heads in the sand," instead of taking proactive measures to deal with these escalating BYOD security threats, according to Michael Finneran, principal at dBrn Associates in Hewlett Neck, N.Y., and author of the recently published "2012 State of Mobile Security" survey by InformationWeek Reports.
That's despite the fact that 86% of the 322 respondents permit the use of personally owned devices now or will soon. And though 84% of respondents also identify lost or stolen devices as a key mobile security concern, it'll likely take a highly publicized security incident tied to a poorly protected mobile device for IT to get the requisite management support and budget to address these issues adequately, the report states.
"Even in regulated industries, unless there is a front-page Wall Street Journal story about some event based on a smartphone or tablet that was inadequately protected and significant amounts of sensitive information was released resulting in a regulatory fine, everyone seems to be taking the approach that 'it probably can't happen,'" says Finneran.
Doug Miller, general manager of mobile solutions at Redwood City, Calif.-based vendor Nominum, agrees that the issue of BYOD security doesn't seem to have taken root. Nominum provides services for mobile providers, including Verizon, Deutsche Telekom and Telstra.
"Service providers aren't seeing this [mobile security] as a growth market for them yet," he says. "They're hearing about it, and we're being asked about what our solutions are for BYOD plans ... but I'm hearing more about it from the media than I am from service providers right now. It's a legitimate problem that service providers can solve."
To that end, Nominum recently announced its Mobile Network and User Security Solution. While geared toward mobile service providers, the product offers protection from bots, viruses and phishing attacks on consumer devices, while securing network elements and DNS data.
The security of the mobile network can be an issue, Finneran agrees. "The big picture is the number of potential threat vectors we're faced with. The most obvious is the threat of a lost or stolen device that isn't password-protected. But there are literally dozens of others, [including] information transmitted over-the-air to the persistence of mobile malware," he says.
Next: Tap a Chief Mobility Officer to Oversee BYOD Security
