Top 7 Risks of Enterprise Mobility

While mobility in the enterprise is enabling innovation and agility, it is also introducing a number of troubling security risks that represent back door opportunities for cyber criminals. The good news is, enterprises can protect corporate data. By understanding each of the risk areas and employing a layered security approach to address them, you can defend your business. The top seven risks of enterprise mobility include:

1. Heterogeneous Environment

Unlike traditional endpoints, mobile devices represent a motley collection of appliances and operating systems. To make matters worse, employees often use multiple devices, which may or may not be owned by the company. In fact, according to Forrester, 53 percent of information workers now use three or more devices for work[1], and 95 percent of organizations allow the use of employee-owned devices in some form[2]. Crucial security measures to manage these challenges include applying consistent policies across mobile operating systems and separating personal and corporate data.

2. Anytime, Anywhere Connectivity

Because they are hyper-connected, mobile devices often access unsecured networks, increasing the risk of data loss. 71 percent of all mobile communications are now flowing over WiFi[3], and 90 percent of public WiFi hotspots have inadequate security[4]--ominous indeed. To counter these risks, ensure connectivity via certificate-based network access, and utilize per-app VPNs that encrypt data in transit. In addition, you’ll want to deploy app and email proxies that block unauthorized or non-compliant devices and apps.

3. Loss and Theft

Small and portable devices are vulnerable to loss and theft. 3.1 million smartphones were stolen in 2013, nearly twice as many as in 2012[5]. In addition, eight out of ten finders of lost devices were found to have tried to access corporate information on the device[6]. To protect lost or stolen devices, enforce password policies for devices and apps using multi-factor authentication. Provide seamless access to corporate apps and resources with certificates and single sign-on. Encrypt corporate apps and data so they’re protected even if the device is compromised. Finally, employ full or selective device wipe.

4. Compromised Devices

Users can tamper with (jailbreak or root) a device’s operating system to gain elevated privileges and install malicious apps from unauthorized app stores. According to Forbes, 18 million iOS devices had been jailbroken within six weeks of jailbreak tool availability[7], and 24 percent of mobile phones currently on corporate networks are jailbroken[8]. To counter this threat, you must continuously monitor device compliance, and identify and block compromised devices from accessing enterprise networks and apps.

5. Data Leaks

With ever-greater numbers of workers relying on mobile apps for work and personal use, IT professionals are alarmed. A whopping 87 percent are specifically concerned about mobile data leakage[9], while 46 percent of IT leaders are certain that unmanaged file sharing is causing data leaks[10]. To allay these risks, implement mobile DLP policies like blocking copy and paste actions. Manage “open in” controls to prevent content from being accessed by unapproved apps, and control whether data is allowed to be stored locally or on a Micro-SD card.

6. Bring Your Own Apps

Employees are relying on personal apps, such as file sync and sharing tools, for work purposes, increasing the risk of data loss and potential breaches. 25 percent of employees are now bringing their own mobile apps into the workplace to fill a perceived gap of apps not provided by their employers[11], and 75 percent of these apps are expected to fail basic security tests through 2015[12]. To protect your business from these risky apps, begin by providing a curated enterprise app store that offers easy access to approved in-house and third-party apps. In addition, deploy and manage user apps dependent on role, and implement app-level security policies for DLP, encryption, and authentication.

7. Malicious and Risky Apps

Apps are fun, helpful—and the weakest point of entry for determined cyber-criminals. All too often, they are installed by users with little or no thought to the dangers they may pose. According to Norton Mobile Insight, as of October 2014, there were three million malicious apps—and eight million apps with risky behaviors—circulating. These risky behaviors included stealing information (19%), tracking the user (22%), posing traditional threats (26%), sending content (13%), and reconfiguring the device (13%)[13]. To guard against these outcomes and ensure devices are protected, implement centrally managed mobile threat protection that can proactively detect and block mobile threats such as malware and risky apps. IT can white- or black-list apps based on app behavior, and prevent access to enterprise apps and services if malware is detected.

The risks are daunting, but the fact is, you can deliver comprehensive mobile protection without compromising the user experience. Our concise infographic clearly lays out these top seven risks, along with the specific security measures needed to mitigate them, so your data, apps, and users stay connected, productive, and secure.