Olympic Games bring mobile device security concerns to forefront

Enterprises must have a strong mobile and BYOD policy in place as mobile device security concerns loom large.

Mobile devices pose a security risk for enterprises because they are easily lost or stolen, and thousands are expected to disappear during the Olympic Games in London this summer.

Approximately 60,000 mobile phones will be lost or stolen during the London Olympic Games, and 27,000 of those will be smartphones, according to Venafi, a Sandy, Utah-based encryption and certification management company.

Venafi's data is sourced to various online media sources and is not scientific, but the estimates underscore an important point about the era of mobility: Enterprises need strong user mobile device training on acceptable uses, a robust bring your own device (BYOD) policy and secure technologies to protect sensitive data.

"This is the problem with the iPhone syndrome," said Craig Mathias, mobile analyst with the Ashland, Mass.-based Farpoint Group. "Once the iPhone appeared, all of a sudden there are devices running rampant on the network; and if organizations don't have a handle on them, nothing else they do to protect data will matter."

Cloud and mobility have erased the concept of the secure perimeter because employees can access corporate data from unsecure networks while sitting in a coffee shop, said Benjamin Robbins, principal at Seattle, Wash.-based Palador Inc., an enterprise mobility consulting firm.

The BYOD trend compounds the risk because IT has less control over employee-owned devices than they do over corporate-owned devices.

While the BYOD discussion typically centers on smartphones, the problem extends to any employee-owned device that is portable and can connect to the corporate datacenter from outside the firewall. No matter the device, sharing corporate data has become very simple to do, Robbins said.

"Dropbox and that share button is so natively integrated into the device and easy to use that when it comes to work purposes, how do you not just use it?," he said.

In fact, 60% of employees frequently move large files containing business-confidential information to cloud storage and file syncing services such as Dropbox without asking permission, according to a survey by the Ponemon Institute, a research firm based in Traverse City, Mich. A little more than half of respondents to the survey of 622 IT and security professionals acknowledge this activity could result in the leakage of confidential information because those applications are used on mobile devices.

Mobile device security policies

Mobile device security requires the participation of the entire business -- not just IT, Mathias said. Modern enterprises run on information; and without the right management, policy and attitude in place, employee mobile device practices will conflict with information security, he said.

More on mobile device security

Mobile traffic of Olympic proportions: Is your enterprise prepared?

Acer meets London 2012 Olympic challenge head-on

Mobile device security overview

With that, IT has to treat mobile security the way airports do, with layers of security extending to the devices, apps and back to the data center, industry watchers said.

"Before you allow any information onto mobile devices, organizations have to set policy, figure out what business goals they are trying to accomplish, the costs involved, risks involved and more," Mathias said. The conundrum, he noted, is that operational productivity and IT security are often at odds with one another even though they should work together.

Even so, mobile device security is something enterprise IT "needs to give attention to," Robbins said.

Dig Deeper on Mobile data, back-end services and infrastructure

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

10 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Does your enterprise have a firm BYOD policy for employees?
Cancel
yes i work for ibm
Cancel
This is for a large state educational system
Cancel
I think all companies eventually will have to have a strong policy on BYOD
Cancel
mobile device policy for years, personal device policy for years added a byod component this year
Cancel
They are NOT allowed.
Cancel
If those are the problems at the very center of tech development, what to say about the emerging countries? How many foreign companies are here in Brazil? Do they know about the security risks?
Cancel
nope unfortunately but its in the offing
Cancel
no policy is defined
Cancel
No policy in place. Yet using the IT infrastructure with personal devices can not be without the Network Administrators permission.
Cancel

-ADS BY GOOGLE

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close