Businesses, Government Not Taking Mobile Device Security Seriously
On average, one-third of employees use mobile devices exclusively to do their work and this is expected to increase significantly to an average of 47 percent of employees in the next 12 months, indicated a report, “Security in the New Mobile Ecosystem,” produced by the Ponemon Institute and sponsored by Raytheon.
Even in light of this anticipated growth, 64 percent of respondents claimed that they do not currently or expect to have sufficient funds to mitigate or curtail mobile device cyber security threats.
Ashok Sankar, vice president of cyber strategies for Raytheon Cyber Products, said employers want the increased productivity that mobile computing brings to their enterprises.
“It’s not that people don’t want to make it secure, but it is that they have a paradigm, and making it secure does not fit that paradigm,” he said.
Computer security, before mobile computing became ubiquitous, was a one-way street. The information-technology department gave a worker a laptop or desktop computer that they had fully vetted and placed restrictions upon. The employee accepted it, and put little thought into security. That was the IT department’s problem.
“A typical worker asks: ‘How am I best going to get my work done?’ They don’t necessarily look at, ‘How am I going to make the data more secure?’ That has never been an employee’s primary concern,” Sankar said.
Today, whether the mobile device is a personal one being used for work, or issued by employers, personnel are willing to circumvent security to do what they want, the survey indicated.
“And IT [departments are] seeing a significant productivity increase among employees that they don’t want to slow down,” Sankar added.
“I don’t think security is a one-way dictation anymore. It is a two-way conversation,” he said. IT managers should say: “I’m going to let you use your device. I’m going to let you be more productive — the way you want to be so you’re happy and comfortable with it — but with flexibility comes responsibility.”
The survey also showed that many organizations don’t have a centralized policy. Different business units have different restrictions. A centralized approach to the problem might be more effective, he said.
The survey noted few differences between the commercial sector and government when it comes to mobile device security policies and growth figures, he said.
Thin mobile clients, where applications are run on backends and data is at rest somewhere other than the mobile device, is one solution, he said. If the device is lost, then the data is not lost.
“With work force productivity always trumping security, I think you’ve got a disaster waiting to happen,” Sankar added.