Time for SA organisations to start thinking about mobile security

With the rapid move towards enterprise mobility, workers are able to access corporate information and networks nearly anywhere.

October 11, 2012

By William James, Product Manager at Cellfind, a subsidiary of the JSE-listed Blue Label Telecoms Group.

With the rapid move towards enterprise mobility, workers are able to access corporate information and networks as well as carry out their tasks nearly anywhere. But along with the welcome benefits of productivity, efficiency and flexibility, the shift to a mobile world brings with it a range of new security threats that companies need to manage closely.

Now, they have hundreds or even thousands of workers in the field carrying tablet computers and smartphones with privileged access to corporate applications such as sales force automation, ERP and even business intelligence. Many of these employees may even be carrying valuable data such as financials, passwords for corporate network resources or customer contact lists on the local storage of their devices.

One 2012 study conducted by Harris Interactive found that 26% of smartphone users store personal documents on their mobile devices, while 47% access social networks via mobile devices. Many of these devices are the same ones end-users are using to access corporate email and back-end systems.

These devices can easily be lost or stolen, and end up in the wrong hands. And since they’re essentially small but powerful computers that can run executable code, they are also susceptible to malware. As more and more business processes are carried out on mobile devices, the risks will only grow.

We’re now at the tipping point where mobile data usage will soon surpass access through personal computers. This means that companies need to start managing their mobile workforces in the same way as they do their PC environments.

They need to put systems management tools in place, ensure that all devices are secured by antivirus, and create clear security policies for users to adhere to. This is all made especially complex since users may be carrying a range of devices running Android, Apple iOS, Windows, Symbian and BlackBerry operating systems.

The best sorts of technology solutions will be ones that can be managed centrally and through the cloud. Some of the most important features to look for include centralised device management, remote device provisioning, backup solutions, data security and end-to-end control for disparate platforms.

Malware solutions – one area that many companies are neglecting – are also becoming increasingly important. Phishing, Trojans and viruses are rise in the mobile world, simply because criminals are beginning to understand that this is where the market of tomorrow is.

For CIOs, this is a major challenge since most companies have architected their security solutions around an old order where most of their PCs connected directly to a corporate LAN or through virtual private network.

Cloud-based solutions are a natural way for them to quickly deploy security to masses of mobile devices in the field without management headaches or the need to invest upfront in software licences. Such solutions can provide data security for mobile users in a way minimises impact on corporate networks, and grow along with the mobile workforce.

The companies that are perhaps best positioned to provide these solutions are wireless applications service providers, working with cellular networks, the organisations that understand the mobile market best. Together, they have the ability to deliver end-to-end solutions that stop security threats before they enter the corporate network since they already have robust solutions to service their customer bases.

Workers today are coming to the office and connecting to corporate networks with tools of their own. This poses a significant security threat, but it is also an opportunity to boost productivity and efficiency.

But there are a growing range of solutions that companies can use to secure and manage these devices without placing further strain on their IT departments or infrastructures. They would be wise to investigate them before they suffer a mobile-related security breach rather than after.