Businesses, Government Not Taking Mobile Device Security Seriously

HOMELAND SECURITY

Businesses, Government Not Taking Mobile Device Security Seriously

11/1/2014
By Stew Magnuson

While the use of mobile devices for work purposes is expected to grow, a survey of government and private industry personnel indicated that many organizations simply aren’t taking security precautions.

On average, one-third of employees use mobile devices exclusively to do their work and this is expected to increase significantly to an average of 47 percent of employees in the next 12 months, indicated a report, “Security in the New Mobile Ecosystem,” produced by the Ponemon Institute and sponsored by Raytheon.

Even in light of this anticipated growth, 64 percent of respondents claimed that they do not currently or expect to have sufficient funds to mitigate or curtail mobile device cyber security threats.

Ashok Sankar, vice president of cyber strategies for Raytheon Cyber Products, said employers want the increased productivity that mobile computing brings to their enterprises.

“It’s not that people don’t want to make it secure, but it is that they have a paradigm, and making it secure does not fit that paradigm,” he said.

Computer security, before mobile computing became ubiquitous, was a one-way street. The information-technology department gave a worker a laptop or desktop computer that they had fully vetted and placed restrictions upon. The employee accepted it, and put little thought into security. That was the IT department’s problem.

“A typical worker asks: ‘How am I best going to get my work done?’ They don’t necessarily look at, ‘How am I going to make the data more secure?’ That has never been an employee’s primary concern,” Sankar said.

Today, whether the mobile device is a personal one being used for work, or issued by employers, personnel are willing to circumvent security to do what they want, the survey indicated.

“And IT [departments are] seeing a significant productivity increase among employees that they don’t want to slow down,” Sankar added.

“I don’t think security is a one-way dictation anymore. It is a two-way conversation,” he said. IT managers should say: “I’m going to let you use your device. I’m going to let you be more productive — the way you want to be so you’re happy and comfortable with it — but with flexibility comes responsibility.”

The survey also showed that many organizations don’t have a centralized policy. Different business units have different restrictions. A centralized approach to the problem might be more effective, he said.

The survey noted few differences between the commercial sector and government when it comes to mobile device security policies and growth figures, he said.

Thin mobile clients, where applications are run on backends and data is at rest somewhere other than the mobile device, is one solution, he said. If the device is lost, then the data is not lost.

“With work force productivity always trumping security, I think you’ve got a disaster waiting to happen,” Sankar added.

Topics: Cybersecurity, Infotech, Infotech

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES