Research claims to show that almost a third of executives have rogue mobile devices linked to their organisation’s network, a symptom of the falling cost of technology and the increasing use of personal portable devices in the workplace.
The Deloitte research also showing that 87 per cent of respondents thinking that their organisation is at risk of an attack due to a lapse in mobile security, it is clear that the consumerisation of IT – and portable devices in particular – now poses a potentially major security problem for most IT security professionals.
Whilst it is perhaps understandable that the lines between personal and business portable device usage is blurring – with employees using their business devices for personal usage – the reverse of personal devices being used for business purposes is something that really needs to be controlled.
Far too many organisations allow mobile devices to connect to company services – such as the Intranet or office email systems without the necessary security controls being imposed – often using the simplest means possible, typically on a plug-and-play basis.
This is despite the fact that far more stringent security and access controls are imposed on laptops, even though the computing power of the latest dual-core portable devices is far greater than the 10 inch netbooks that were all the rage just a few years ago.
The results of this Deloitte survey – which took in responses from 1,200 people – show that it is time that companies started treating mobile devices in the same cautious and secure way they treat laptops.
In fact, even if this means there is a slightly higher security hurdle for mobile device users to negotiate – as long as those hurdles are proportionate to the level of risk involved, then any security-conscious IT professional should implement those controls as a matter of course.
The sad reality is that most IT security professionals are now only too well aware of the dangers posed by unauthorised mobile devices, yet it is clear from this research that many are unsure what their businesses are doing to counter the risks, which is perhaps understandable given the fact those businesses are failing to recognise the risks they face.
This isn’t rocket science security either. Just as the technology that allows IT professionals to develop enhanced security for their laptops has existed for some time, so does similar technology to secure against the risks that portable devices now pose the organisation.
Extending the security envelope around these portable devices is a relatively easy task – provided the management of the company understands the risks they are running.