Today, Juniper Networks released the results of its Trusted Mobility Index. From my perspective as a chief security officer, the most significant insight from the report highlights the concerns of IT managers regarding mobile security. These individuals are charged with protecting company networks and information in this new mobile environment where perimeter control is becoming more and more difficult.
According to Juniper’s report, IT feels pressure from both senior management and other employees to support the Bring Your Own Device (BYOD) trend. However, IT pros reported concerns about the following consequences of BYOD:
- Security breaches due to stolen devices – 41%
- Knowledge required to manage devices – 40%
- Knowledge needed to manage security protocols – 37%
- Employees introducing malware – 32%
I’m not surprised at all to see this kind of response from IT. Our team at AT&T encounters these concerns almost daily with our customers.
The greatest challenge we see with BYOD in the enterprise is the massive distribution of security responsibility. We know it’s an unreasonable expectation to ask every employee to be a security administrator, configure proper personal settings for protection, and remain vigilant on updating the latest malware software. It’s an assumption we, as an industry, made with PCs – and we’re still paying for it.
That’s one reason why AT&T is lifting the responsibility of mobile security off the shoulders of individual employees and into cloud-based, corporate managed gateways – where our security experts can manage and administer consistent policy control over how and where data is accessed, stored, and moved across our mobile environment.
Another reason is that many of the types of attacks that are emerging in the mobile ecosystem can only be stopped via real-time policing and filtering at the network-level. Simply loading a security app onto the device is not sufficient, especially now that employees have mobile access to enterprise applications and data stored in the cloud or other virtual environments.
Before we had desktop PCs, computer terminals accessed information on mainframes and this model provided significant security benefits. There was no need for end-user software patching and no end-user platform for targeted malware. Similarly, a central cloud-based gateway, for all Internet and enterprise traffic means a central gathering place for policy-based routing and security intelligence for accessing corporate resources.
The virtualization of security resulting from increased enterprise mobility was also a major focus of this year’s RSA Conference. Here are my key takeaways from those conversations:
How about you? What do you see as concerns for the BYOD trend? How should they be addressed? We look forward to your comments.