CYBEREYE
BY BRIAN ROBINSON
Can users help solve
the mobile security disconnect?
READ ANY STORY about cybersecurity these days and chances are you’ll see at least some mention of the importance of mobile secu- rity. That’s for good reason because mobile is consid- ered one of the greatest risks — if not the greatest risk — to overall enterprise IT security.
Despite that acknowledg- ment, enterprises are still not doing enough to protect against mobile threats, according to MobileIron’s latest quarterly Mobile Security and Risk Review. The report details a fairly big gap between the threats faced by both private-sector and government organiza- tions and the protections those organizations have implemented.
Mobile threats are in- creasing in number and so- phistication, yet MobileIron found that only 8 percent of organizations are enforcing operating system updates, and less than 5 percent
are using the most modern mobile security tools.
The “lack of security hygiene demonstrates that enterprises are alarmingly complacent, even when many solutions are avail- able,” said James Plouffe, MobileIron’s lead solutions architect.
Other surveys have come to the same conclusion. In a recent Ponemon Institute
study, a large majority of respondents viewed mobile devices as susceptible to hacking and the probable cause of data breaches in their organizations, but only a third were “vigilant” in protecting their data. Close to 40 percent did not even see a pressing reason to protect data on their mobile devices.
Sean Frazier, chief
Disconnects show up in other areas as well. The Obama administration
has been pushing for the increased use of encryption to safeguard at least some part of the IT traffic chain. The Office of Management and Budget issued a memo last year requiring agencies to use HTTPS for all website and services connections by the end of 2016.
a radical departure from traditional views of mobile technology in which agency IT departments handed
out BlackBerries to their employees preloaded with IT-approved apps and data.
Today’s mobile IT envi- ronment — with all the is- sues bring-your-own-device policies and shadow IT bring with them — presents a starkly different ecosystem
26 GCN AUGUST/SEPTEMBER 2016 • GCN.COM
Government has not caught on to the fact that mobile technology has fundamentally changed how IT should be viewed and managed.
technology evangelist for MobileIron’s Public Sector Practice and someone who has years of experience working with government, said that although agencies are thinking about mobile security, they are not look- ing beyond the most basic capabilities.
They are not as capable as many other organiza- tions around the world, and they either don’t fully understand the dangers “or they do but find they can’t respond as quickly or as well,” Frazier said.
Government overall responds well to most IT security incidents, but it doesn’t seem to understand how to transfer that insight to mobile.
At the same time, however, national security officials have been making a concerted pitch to get some kind of back door inserted into operating systems and messaging services to help them tap into encrypted communications from sus- pected terrorists. Experience has shown that, if those kinds of workarounds exist, at some point the bad guys will find them and use them to get into government networks and systems.
Frazier said government has not caught on to the fact that mobile technology has fundamentally changed how IT should be viewed and managed, with users now much more involved at a higher level. That’s
to manage. Mobile devices today are computers, not just communication tools. And users themselves, many of whom have been relying on mobile technology for their own needs for years, know how to securely man- age the apps and data on their devices.
Frazier said he believes government will eventually see the value of letting users manage mobile security, particularly now that major manufacturers such as Apple and Samsung have built sophisticated secu-
rity management into their devices.
“It’s about time that the user was brought more directly into the conversa- tion,” he said. •