Mobile Security Message Gets Louder
Posted on 26/04/2013
The mobile data security message is getting louder but there’s still plenty of work to be done. Mark Curtis-Wood, Head of Networks at Nimans says more and more people are moving content onto mobile devices fuelled in part by BYOD.
“The more people start to become mobile the more they want to be mobile,” he explained. “A classic example is myself. I’ve now got an iPad and an iPhone. I depend on my iPad a lot which means I need to use our VPN and that can become a headache for our IT department about how they control how much access to information I have. What happens if my iPad gets lost? The more information people start to store in these sort of devices then the more potential security problems arise. It’s just not company data that’s at risk but a customer’s customer’s information. This can be a big problem that often gets overlooked.
“Is mobile security being taken seriously enough? Probably not. I think people are still apathetic to some extent because they have become so familiar and confident with mobile devices that they don’t view them in the same way as a desktop PC. Essentially they can access the same data and therefore the risks and security threats are the same.
“There’s a different mentality and culture in existence. People wouldn’t go for their lunch and leave sensitive information on screen but many are a lot more casual about mobile devices such as phones and tablets. There’s a lot of education needed to try and alert businesses to the potential risks that could be huge.”
BYOD is a key development that has many business benefits, but also some pitfalls, says Curtis-Wood. “Staff will still want to use their Facebook and Twitter accounts and personal emails. From a productivity perspective companies need to be mindful of how often staff are using devices for personal use in work time. One solution is Mobile Device Management where an IT dept can control what people are doing. That could be to disable content and limit access to various applications such as Sky Sports News or iTunes.
“The other dimension is having access to personal and company e-mails on the same device. What happens if a member of staff gets a sensitive e-mail from the Financial Director that then gets copied onto a twitter feed? Has the solution got a proper sandbox? What I mean by that is can the data be containerised? Information on mobiles is critical. With BYOD you have got to get containerisation right. If you can’t separate corporate and personal data then a company is going to have problems. Containerisation as a solution is critical to this.”
Curtis-Wood concluded: “Everyone knows about security threats on PC’s but they are often oblivious about their phones. There is a shift developing and the consumerisation of IT is driving this. It’s about backing up and storing data as well as protecting other personal information that could be used against an individual in the wrong hands. Devices will inevitably got lost but they can also get hacked and measures need to be put in place.
“Resellers need to be aware that it’s pretty easy to set-up software that can remotely ‘wipe’ a device or create an automatic message that offers a reward for something lost and found. There are network limitations with this however as you need to act quickly. It’s more about managing what content is on there in the first place.
“I think people are starting to ask what mobile security is available because without doubt there is a huge shift in content on mobile devices. Ultimately if you are going to replicate your desktop then you need the same level of security. There’s a shift in mentality needed. The message is slowly getting there but it’s nowhere near enough. There’s a lot of work to be done. “