Solving security issues relating to the use of mobile technologies will be among the most pressing priorities for businesses in 2012, writes Ruggero Contu, agenda manager, security solutions worldwide, at Gartner.
This is due to the range of vulnerabilities that affect increasingly popular mobile platforms such as smartphones and media tablets – from the high risk of data loss and the availability of unsecured applications from app stores, to the growing threat from mobile malware.
Throughout 2012, many organisations will remain unsure how to tackle these vulnerabilities. One important concern relates to the "consumerisation" of IT. While some businesses will opt for more restrictive policies to try to limit employees' use of personal devices at work, this will become increasingly difficult, if not impossible to implement. After all, employees can download data to cloud storage services such as Dropbox, and then access it from unauthorised devices. What's more, bring-your-own-device (BYOD) schemes for employees can have clear productivity benefits, as can granting external consultants and partners controlled access to corporate resources via mobile devices.
The right security policy
To secure mobile technologies, it is crucial to have the right policy and tools in place. Implementation of a clear mobile security policy will contribute to a controlled and secure use of both corporate and personal mobile equipment. New technology can be very useful for solving some security problems. Mobile device management tools, for example, offer capabilities to fulfill tasks such as software distribution, inventory/policy management and security management.
More traditional security technologies also have capabilities that can extend to mobile devices. For example, network access control is now used mainly to enable BYOD schemes, while cloud-based secure web gateway tools can be very helpful in protecting mobile devices when used remotely. Mobile data protection and data loss prevention tools offer essential capabilities to secure both moving and static data by applying granular encryption policies and monitoring the movements of vital corporate information.
This was first published in December 2011