In the near future, the device will no longer matter in IT security so much as the protective mechanisms guarding it. TechTarget's James Furbush noted that identity and mobile device management are starting to coalesce into a single discipline with many IT departments managing data and access to service more than just the smartphone or tablet.Benjamin Robbins, principal at Palador, said making the device itself irrelevant in the workflow will make it easier for employees to work. As an example, an employee who travels frequently rarely accesses data from behind the protection of a firewall, as they are in hotels, coffee shops or other WI-Fi networks, but they still need access to the information to be productive, according to Krish Kupathil, CEO at AgreeYa Mobility. If only the concern of managing the endpoint remains compared to the physical device, employees will be able to more safely access information as the IT department won't be constantly managing what enables security of the device and data.
Focusing on the physical device itself instead of the data is already quite difficult, but as the number of gadgets increase among employees, it will be far easier to simply guard the data instead of each individual machine. John Little, chief technology officer at Venture Technologies, told Furbush that things are starting to are starting to get better with the security features of mobile devices, but they are still not up to the standards of PCs yet. This means organizations will likely still need to continue using different tools for guarding the network and mobile stack for now.
"That might not be the case for long, however," Furbush said. "The line between mobile endpoint management and traditional PC endpoint management is beginning to blur even for vendors. Companies that started out on the mobile side have expanded into PCs and vice versa."
Mobile security hampered by misconceptions
There are still plenty of misconceptions when it comes to cyber security and mobile devices, according to CMSWire's Caleb Sima. One big one is what exactly is the biggest threat for devices, as many seem to believe it is malware Sima said data loss is a bigger threat to the safety of these devices. Another myth is that mobile device management is the only piece of security needed by organizations to be able to give employees mobile devices.
"What enterprises require is comprehensive visibility to inform a complete mobile security strategy, not just basic device-level tactics," he wrote. "Enterprises know that data on the device is half their concern; the other half is transfer of mobile data into the cloud. Therefore enterprises want to know what apps users are leveraging to access and relay data and where ultimately is that mobile data being stored; on the device or in the cloud."
Other myths, according to Sima, include:
- Avoidance of BYOD (Bring your own Device) means staying secure, which is untrue since data will be flowing back and forth between devices either way
- Controls need to be implemented as soon as possible, which Sima said is untrue as many will go around them anyway. Organizations need to have a policy in line before anything
- Security needs to be implemented no matter what users think, which he believes could make the program become less used. A hard line this could make employees that think the company is restrictive
A recent report by Check Point shows the importance of cyber security for mobile devices, as 79 percent of organizations surveyed said they have experienced an incident in the past year with substantial costs. More than 42 percent of these businesses saw six figure losses from a mobile breach, with 16 percent saw more than $500,000 out the window due to a mobile breach.
Consumerization News from SimplySecurity.com by Trend Micro.