As more companies jump on the enterprise mobility bandwagon, security has become a prime concern among CIOs. According to a recent Symantec study, businesses are incurring hefty losses due to mobility-related security incidents. Still, many companies remain convinced that the productivity benefits of mobility outweigh the costs, and have taken measures to protect corporate information.
In this month’s Goondu Q&A, we asked David Dzienciol, Symantec’s vice president for channel sales and SMB in Asia Pacific and Japan, to delve deeper into the motivations behind the uptake of enterprise mobility and what companies can do to protect their data from prying eyes.
Q: In Symantec’s latest state of mobility survey, 70 percent of respondents expected to increase productivity by using mobile devices, yet 77 percent saw productivity gains after implementing. What were the possible reasons for this rare alignment between expectations and reality?
A: The alignment is indicative of a fast-maturing industry – the cultural shift from previously refusing mobile devices to the current state of actively distributing and developing mobile applications. According to Symantec’s 2012 State of Mobility Survey, most enterprises (77 percent) are discussing developing their own customer mobile applications. A majority (54 percent) are running line-of-business applications and three-quarters (75 percent) of enterprises polled are discussing implementing a corporate ‘app store’. SMBs are no different – now that mobile devices are commonplace, over half (59 percent) are now looking at implementing a corporate “store” for mobile applications.
When asked why they were quick to embrace mobile computing, Singapore respondents cited increased efficiency, increased sales and improved customer relations as the most important benefits. The findings point to the goal of improving corporate agility. Businesses want to improve efficiency and increase workplace effectiveness. They want get things done quicker and mobility offers them with the ideal platform to do just that.
These results largely held true for small businesses and enterprises alike, with efficiency being their top goal. Enterprises were slightly more optimistic in the benefits they would realize, not quite doing as well as they expected, while SMBs had slightly lower expectations that were exceeded. The main difference was that smaller businesses were less likely than enterprises to have plans regarding custom apps or corporate app stores.
As mobile application adoption becomes a mainstream business activity, majority of organizations are more inclined to consider the implications brought about by mobile computing. This heightened awareness also helps to influence organizations in setting more realistic targets and goals.
Q: While mobile devices have improved worker productivity, they are also a source of risk to many IT organisations. What are the main security concerns that companies have over mobile devices and what can be done to mitigate those risks?
A: 39 percent of Singapore respondents are keenly aware of the potential risks mobility can pose, ranking mobile devices as one of their top three IT risks. They cited a variety of concerns, including device loss, data leakage, unauthorized access to corporate resources and malware infection network through smartphones and tablets.
As a general rule of thumb, organizations should consider developing a mobile strategy that defines the organizations’ mobile culture and aligns with their security risk tolerance. Symantec offers the following best practices to improve the effectiveness of mobile initiatives without compromising on security.
Enable broadly. Mobility offers tremendous opportunities for organizations of all sizes. Explore how you can take advantage of mobility and develop a phased approach to build an ecosystem that supports your plan. To get the most from mobile advances, plan for line-of-business mobile applications that have mainstream use. Employees will use mobile devices for business one way or another – make it on your terms.
Think strategically. Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Think beyond email. Explore all of the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated. As you plan, take a cross-functional approach to securing sensitive data no matter where it might end up.
Take inventory of your mobile workforce: Since you can’t protect what you cannot see, enterprises and SMBs alike should take inventory of the devices in their organization to gain visibility into how and where they’re being used. Implement consistent security best practices, such as keeping security software up-to-date, encrypting data and operating system patches and hardware information, such as model and serial number. Don’t allow mobile devices to connect to the network unless you have these procedures in place.
Develop and enforce strong security policies around the use of mobile devices that are connected to your networks. It is important to enforce policies related to acceptable use, screen lock, passwords, and application downloads for all users. Also consider implementing policies around reporting the loss or theft of a mobile device.
Q: Despite putting in place sophisticated security infrastructure and enterprise mobility policies, the weakest link in the security chain is often the employee. Are companies doing enough to instill awareness of IT security among mobile workers?
A: With mobile devices now delivering critical business processes and data, one in four Singapore respondents felt that the risks of mobile computing are somewhat to extremely high. They identify the fastest growing risks as spam, phishing and malware. In response to these perceived risks, most organizations are exploring a range of security measures, from antivirus software to remote disabling of devices. When it comes to implementing these measures, however, less than half have taken those steps.
As a result and not surprisingly, businesses here are seeing damages mount due to mobility-related security issues. They have suffered a variety of losses, measured by direct financial expenses, loss of productivity, litigation costs, compliance costs after an attack, and damage to the brand. Within the last 12 months, the average cost of these losses was $237,000 in Singapore.
Q: Some IT security experts have suggested that virtualisation may be the way forward to secure corporate data on mobile devices, especially on devices that are owned by employees. Do you agree?
A: The proliferation of mobile devices has made consumerization of IT in the workplace more complex. According to the Symantec 2012 State of Mobility Survey, 40 percent of IT staff reported that their top priorities are security, reducing the cost and complexity of managing mobile computing, and enabling employees to access as many of the applications as they want. Having to manage multiple mobile platforms and operating systems, organizations are looking to adopt a solution that better supports their needs to effectively manage their increasingly heterogeneous environments.
One potential solution, or at least an in-part solution, for example, is desktop virtualization. Its proponents argue that the best way to simplify systems management is to employ a solution that standardizes and pools IT resources while delivering greater value. However, as with traditional computing platforms, desktop virtualization may not be the best computing model for all mobile users as there is never an effective security approach that is one-size fits all.
At Symantec, we encourage our customers to evaluate new technologies and approaches based on the solution’s real value to IT and the needs of the user community they serve. Virtual Desktop Infrastructure (VDI) has a place in today’s enterprises, albeit less than expected. This holds just as true when looking at smartphones and tablets as access points – sometimes, a local device can be the most suitable platform. VDI is costly, consumes storage voraciously and complicates management. Alternatively, technologies that have been around longer, such as application streaming, may be able to satisfy the manageability requirements in any given situations more cost-effectively, as well as provide greater flexibility of use.