Although mobile device protection remains a top concern for corporate IT professionals, the business benefits of mobile use far outweigh the risks, a new SearchCompliance.com survey finds.
If an employee of yours leaves the company, then you can delete his entry from the central directory, but that is not reflected in the cloud control.
Mobility was ranked as the greatest risk to enterprise IT computing initiatives if mobile devices are not properly secured, followed by social media security and cloud computing. Despite these concerns, more than 75% of those surveyed said that the benefits of using mobile devices outweigh the organizational risks.
To properly handle the trend, it's important for enterprise IT to rethink how it applies security best practices, said Cloud Security Alliance founding member Becky Swain during SearchCompliance.com's May 16 virtual trade show (VTS) on "Overcoming Cloud Security Barriers for Success," from which the survey statistics were procured.
"It's really enabling the empowerment of the individual," Swain said during her keynote address. "It's important for an organization to look at its traditional procurement controls and processes and understand how best to manage those users and further educate them."
Mobile device protection concerns have forced companies to pay closer attention to specific security processes. The SearchCompliance.com survey of 93 IT professionals found that device data leakage, device loss and unauthorized access control ranked as the top concerns for mobile device protection.
Unauthorized access control was cited by 60% of respondents as "very important" to their company's mobile device security initiatives in the next 12 months, followed by authentication (52%) and data loss prevention (52%).
Access control is often left up to the organization, especially when working in the cloud, said Chenxi Wang, a vice president and principal analyst at Forrester Research Inc., during her VTS presentation. One of the vital aspects organizations must consider is how user accounts are handled, Wang said.
"If an employee of yours leaves the company, then you can delete his entry from the central directory, but that is not reflected in the cloud control," Wang said. "That means that he will continue to have access to the cloud application, which is certainly not something you want to occur."
Spending in 2012 will be concentrated on these same mobile device protection concerns. When asked to select which three mobile security technologies companies would spend more on this year than in 2011, access control (44%), data loss prevention (34%) and authentication (25 %) ranked high among survey respondents.
Encryption (27%), mobile device management (23%) and antimalware (24%) were other popular responses to the spending query. Larry Walsh, president and CEO of The 2112 Group, made the case for using the cloud to augment and complement existing security programs by putting security information and event management [SIEM] services into the cloud itself.
"What makes SIEM as a Service interesting is that it takes the burden of responsibility for developing, tailoring or fine-tuning and managing SIEM applications away from the enterprise," Walsh said. "By contracting it out to a service provider, that expense is being transferred or being assumed by a third-party provider."
Mobile application security was a top concern among respondents as well. Sixty-six percent of respondents said their company puts more resources into mobile application security than in the past.
However, there seemed to be a slight disconnect when it came to mobile application security processes for employees. Half of the respondents said that their organization allows users to access application stores on mobile devices and freely download applications.
More on mobile security
Another 26% of respondents said their organization allows users to download from approved app stores and applications, and only 24% said users are not allowed to download applications to devices at all.
The explosion of mobile devices creates easy opportunities to access these applications from anywhere at any time. Swain said that the trend forces a new approach to IT security, and strategy as a whole.
"The growth of the mobile device … is very outstanding, and is one of the key drivers to this change in how enterprises' workforce functions," Swain said. "This has been compounded by new market pressures to enable innovation. These demands are coming from the business -- and putting more pressure on IT to support this."