Mobility of the enterprise workforce has quickly become a key element to competing in an increasingly fast paced marketplace, but the advantages are tempered by a new set of risks. The threat of a catastrophic data loss event from mismanagement of mobile devices tops the list of concerns revealed in a new study by the Cloud Security Alliance (CSA).
CSA, a non-profit cloud computing best practices advocacy group, released the results of a survey of corporate executives titled Top Mobile Threats which shows that management is growing wary of the new avenue of exposure presented by the rapid adoption of mobile solutions.
“Personally owned mobile devices are increasingly being used to access employers’ systems and cloud-hosted data, both via browser-based and native mobile applications. This without a doubt is a tremendous concern for enterprises worldwide. The results of this research will play an important role as we set out to develop much needed guidance on where time, talent and money should be placed when it comes to addressing mobile security threats," John Yeoh, a research analyst for the CSA said in a press release.
Central to the use of mobile devices in the enterprise workplace is the issue of effective access control and authentication protocols to ensure network security while simultaneously allowing for ease of use to avoid inhibiting employee productivity and collaboration.
Also of concern are the inherent risks associated with governance regarding the "Bring Your Own Device" (BYOD) trend, favored by some companies for the cost-cutting benefits realized in allowing employees to use their personal devices for business related activities.
But the CSA survey found that the number one concern for management is the potential compromise of sensitive information, as seen in the survey's ranking of the top mobile threats:
- Data loss from lost, stolen or decommissioned devices
- Information-stealing mobile malware
- Data loss and data leakage through poorly written third-party applications
- Vulnerabilities within devices, OS, design and third-party applications. Insecure Wifi network or rogue access points
- Insecure WiFi, network access and rogue access points.
- Insecure or rogue marketplaces
- Insufficient management tools, capabilities and access to APIs (includes personas)
- NFC and proximity-based hacking
The survey's release follows on the heels of a CSA whitepaper debut titled Mobile Device Management: Key Components, V1.0, which outlines more than a dozen critical components required for developing effective enterprise mobility policies and procedures.
The guidelines in the whitepaper were devised as the first in a series of six installments on mobile device management (MDM) that will comprise the organization’s “Security Guidance for Critical Areas of Mobile Computing” which will be unveiled in November at the CSA Congress in Orlando, Florida.
“As mobile devices have become mainstays in the enterprise, an understanding of the full technology, process, and people implications of MDM will be absolutely required to ensure that the introduction of mobile devices will not compromise security. While most companies already have security policies in place, those policies need to be reviewed and possibly updated to account for the many components of mobile technology that we have identified in this report,” said CSA’s Global Research Director J.R. Santos.
Both the survey results and the MDM guidelines whitepaper are available for download on the CSA's website.