Enterprise mobility brings new risks - so why aren't companies managing them better?
Less than a third of global businesses are implementing encryption techniques or stronger identity and access management controls to deal with the risks related to the use of new technologies – particularly wireless access to corporate networks - according to Ernst & Young's 13th annual Global Information Security Survey published towards the end of last year.
Over half of respondents said increased workforce mobility posed a considerable challenge to information security due to widespread use of mobile computing devices that allow people to access and distribute business information from anywhere at any time.
For almost two-thirds of those surveyed, employees’ level of security awareness is recognised as a considerable challenge. “As the mobile workforce continues to grow, so does the level of risk. In addition to implementing new technology solutions and re-engineering information flows, companies must focus on informing the workforce about risks,” said Seamus Reilly, of Ernst & Young IT Risk Advisory.
The delivery of effective and regular security awareness training is a critical success factor as companies attempt to keep pace with the changing environment, he added. Despite this, only 46% of respondents intended to increase their annual investment in information security.
The MessageLabs Intelligence 2010 Security Report found that while exclusively mobile employees behave similarly to office-based users and therefore pose little additional threat to an organization, those who work both in and out of the office appear to drop their guard considerably when off site, posing considerably higher risk to their employer.
More than half of IT security administrators expect an increase in the number of users attempting to connect to their network according to a survey by Check Point. Almost two thirds admit to being concerned about the potential exposure to sensitive data, yet the survey also found that 70% of respondents do not use data encryption to secure their business laptops and 87% do not encrypt USB or portable media devices.
Ben Khoushy, vice president of endpoint products at Check Point, said “Mobile computing and the consumerization of IT is no longer a trend but a way of life for most businesses, with employees and contractors demanding more access to business applications and data from both corporate and personally-owned devices.”
Many organisations have not set up an appropriate plan to secure the use of personal laptops and smartphones in the workplace, he added. “These vulnerabilities need to be addressed by a combination of technology and user awareness that enforce better security protections to secure data on-the-go.”