From sales staff working the floor in large stores to corporate road warriors flitting from city to city, there is no debate about the degree to which mobile devices have increased productivity. Some sources place the time savings as high as 57 minutes per day. As new apps continue to flow into online stores, there is also widespread agreement that those productivity gains are just the beginning of what might be possible.
Change the topic to mobile security, however, and the tone shifts to nagging doubts: “Does my tablet, smartphone or watch keep my data as safe as my desktop computer?” Respondents to a recent Forrester Research survey chose their desktop environment for security by a margin of 71 percent to 43 percent.
But, consider this: A quick Google search can take you to a YouTube tutorial showing how to crack an iMac's master password, but only your fingerprint will unlock your iPhone. In March, Fujitsu introduced an iris authentication system for smartphones. Other biometric-based security approaches are rumored to be in the pipeline at other manufacturers.
Add to those types of user-facing security features such technologies as partitioning of corporate and personal apps and data, cloud-based enterprise mobility management and BlackBerry's VPN Authentication and you can start to see the security of the mobile environment holding as much promise as productivity gains offer.
“In some important ways, mobile devices are more secure than the traditional desktop or laptop,” says Edward “Pat” Patterson, enterprise architect at FishNet Security, which merged with Denver-based Accuvant in February. “Mobile operating systems have built-in security measures that are still not present in desktop operating systems, and most of the software for these devices is only available through app stores that check it before it is made available.”
So, why does mobile vulnerability continue to rank so prominently on the list of things that keep CISOs awake at 3 a.m.?
Beyond the lingering perception that smartphones, tablets and the emerging wave of wearable devices are inherently insecure, two major realities are prime sleep-killers: Many organizations have remained behind the curve on the burgeoning adoption of mobile devices, and as intelligently as Apple, Samsung, Xiaomi and other manufacturers have designed their devices, no one has been able to design a user who will not click on a bad link they believe is legitimate, leave their smartphone in a restaurant or let their kid download some random apps.
“Users are still the weakest link,” says Alex Manea, director for BlackBerry Security in Waterloo, Ont., Canada.
It falls to organizations to manage those human factors, establish protocols for securing mobile communications and adopt network technologies for identifying risky usage and potential cybercrime. It remains a subtle balancing act between wringing productivity gains out of mobile's potential and extending trust too far.
Organizations have to shift the way they think about mobile, says Manea. “They need to understand that these are computers and integrate mobile into their overall security strategy.”