Posted on 23rd December, 2011 by LEO Learning Web Team
This post first appeared on the LINE blog on 23rd December 2011.
According to 33% of employees keep sensitive information on mobile devices, including smartphones, tablets (such as iPads) and even music players with hard drives (such as iPods). While most organisations (95%) have a mobile device security strategy in place, 65% of employees were unaware of the details of that strategy. More than 8,500 of these same devices were left at UK airports in 2010. These three factors highlight the need for a strong mobile security strategy.
The study above found that mobile security was a two-way problem: employees were using personal mobile devices for work and work-issued devices for personal activities. While many of the latter activities were sanctioned, employees were not aware of the security risks involved.
With more employees demanding access to corporate services on their mobile devices, security should therefore be high on the agenda.
In this brief post, I’d like to highlight three aspects of mobile security:
• Device security
• Security of data
• Security of content
Device security, in simple terms, is the ability of a device as a whole to be recognised as part of the business and controlled by that business. The business may own and wish to control access to the device itself, or this may be a personal device that is used in the business under certain terms. Device security gives the ability for the business to control, wipe or lock a device remotely.
Secondly, security of data refers to the actual security of the information, being transferred to and from a device. This is most typically an email service used on a mobile device. However, data is more commonly being shared within apps as e.g. information from internal analysts, live sales reports or customer specific information. Data security, in simple terms, is the ability to control the connection to the device.
Thirdly, security of content refers to a secure method of viewing content on a mobile device (e.g. video, pdfs). The company needs to know that a device or an app on a device is part of that business, in order to allow access to content. In simple terms, security of content is the ability to control the flow and use of content to that device by ensuring the device and the user are registered. This content is extremely valuable IP that is not publically available, e.g. an internal company handbook, secure customer documents or confidential business process forms.
This is by no means an exhaustive visit to the topic of mobile security, but it gives you some of the key topics on the subject. Hopefully, what we have briefly addressed above shows that, whilst mobile security is an imperative issue, it can be addressed and controlled in a series of understandable and digestible steps, with an expert partner.