Few would argue that mobile devices have increased worker productivity and business agility. But those benefits come with the cost of exposing organizations to increasing numbers of network access points outside of traditional perimeter defenses. Many organizations may be unprepared for the risks they are facing. IDC projects mobile workers will account for nearly three quarters (72.3%) of the total U.S. workforce by the end of 2020.
Resistance to employee use of personal mobile devices is crumbling as more and more businesses adopt bring your own device (BYOD) policies. According to one study, the global market for BYOD and enterprise mobility solutions is growing at an annual compound growth rate of 27.6%.
At a Black Hat conference presentation this year, security consultant Vincent Tan introduced and demonstrated a mobile app penetration testing tools that bypass leading enterprise mobile security (EMS) solutions.
“Whether you are a CxO, administrator, or user, you can't afford not to understand the risks associated with BYOD,” Tan said in his pre-conference summary. The technology enables him to disable tamper-detection mechanisms and application locks, intercept and decrypt encrypted data, and route “secure” HTTP requests into VPN tunnels to attack servers. CIOs must understand the potential risk that comes with bringing personal devices into the enterprise—even if the enterprise is using security solutions.
A mobile device provides multiple attack routes into corporate networks via the carrier, Bluetooth, wireless, text messaging, and so on. Increasingly, employees use their mobile devices for both personal use and corporate use. That increases the chances of risky behavior from connecting to websites, sending and receiving text messages, and engaging in social media—any of which can result in malware infection or data loss. Some employees may even be tempted to jailbreak their devices in order to access applications that further expose the organization to security threats.
Many IT professionals are also worried that the “rush to release” new and updated mobile applications causes developers to bypass critical security steps. Meanwhile, many organizations are rushing to embrace the Internet of Things (IoT) to harness new products and services opportunities. It’s estimated that 24 billion IoT devices will be connected via the Internet by 2020.
Without a doubt, the attack surface is multiplying at a phenomenal rate—and criminals are increasingly creative in exploiting weaknesses. Among the top mobile threats cited by one security expert: mobile Web browser-based hacking, remote device hijacking, eavesdropping, and use for distributed denial of service (DDoS) attacks. Mobile security involves more than simply deploying, configuring, and issuing devices. It’s about managing those devices over time and ensuring users can only gain access to authorized systems and services.
Our Mobility Practice and Security Practice work together to help you build a sound mobile strategy that addresses the very real mobility concerns. Our team of experts can ensure mobile devices are used in a controlled way, without compromising sensitive data or breaching your environment. We have a detailed methodology to ensure you consider all aspects of security and manage your policies to achieve the desired level of acceptable risk.