You are currently on IBM Systems Media’s archival website. Click here to view our new website.

POWER > Resources

The Right Perspective

Mobile security revolves around protecting an organization’s data.



Share |

Mobility is both a blessing and a curse. It enables employees to be more productive at the office and on the road but it can also leave an organization’s business-critical assets—its data—vulnerable.

Connecting via public Wi-Fi or by bringing your own device (BYOD) to work, employees are embracing the ability to access an organization’s data from anywhere. Many people know the dangers of accessing data from a laptop computer while sitting in the airport, but what about the sensitive data residing on your smartphone? That data is at risk, too.

The positive and negative attributes of mobile computing are highlighted in the results of the recent mobile computing survey conducted by Signet Research Inc. for IBM Systems Magazine. Respondents said the main business benefits expected from mobile computing are improved employee productivity (68 percent), better customer satisfaction (63 percent), competitive advantage (54 percent) and business process improvements (53 percent).

The biggest business driver is employees wanting to use personal devices for work purposes, according to 56 percent of respondents. The second biggest driver is customer-requested mobile solutions, according to 44 percent of the participants. Other drivers include business partners asking for mobile access to information, keeping up with competitors who have mobile solutions and initiatives begun by C-level executives.

Despite the growing BYOD trend, more than 70 percent of respondents said their companies provide mobile devices for their employees. Of the devices provided to employees, 60 percent are Apple iPhones, 52 percent are Apple iPads, 50 percent are BlackBerry phones, 46 percent are Android phones and 21 percent are Android tablets, according to the survey.

Security is the main concern respondents have about mobile computing, according to the survey—70 percent pegged it as the No. 1 worry. When asked about mobile computing topics of interest, application and data security was a key response (61 percent) followed by database access from mobile device (59 percent) and mobile computing policies (39 percent).

It’s a hazardous world

From an IT perspective, mobile computing can be like entering hostile territory because the IT shop no longer has control over the devices and the data. Mobile computing “makes the IT shop’s job harder,” says Patrick Botz, security expert and president of Botz & Associates. “IT may need to learn new technologies that haven’t been on its radar,” he says. And the security aspect is heightened by mobile. “If IT doesn’t have control of the environment in which the device is used and doesn’t have the expertise to manage it, then there are greater concerns about security,” Botz adds.

Yet the issues around security are no different from those that have existed for some time. It really boils down to protecting company data. “The threats are the same whether the data is being delivered on a mobile device, a laptop or a desktop,” Botz says. “What’s different is that the environment in which that mobile device is being used is more dangerous because it’s outside of IT control. When you are using your mobile device at home or on a plane, IT isn’t protecting the perimeter. You’re in a sea of potential threats that don’t exist when you are within the company intranet. You’re behind enemy lines.”

What can IT do to cope with this? Most importantly, write clear policies designed to protect the data, Botz says. “Policy precedes risk management because otherwise there’s no way to define your risks accurately,” he explains. “But the average IT shop mistakes policies with procedures.” If security level 40 is required for the IBM i, that’s a procedure used to enforce policy. “The reason you use security level 40 is because you have an implicit or explicit policy that people should only be able to access data necessary for them to do their job,” Botz says. “If you first define who can use which data for which reasons—that is, policy—on mobile devices, then defining and implementing procedures to protect mobile data will be much more straightforward.”

Education is necessary to make sure employees are aware of tools or are provided tools that can significantly help protect data. They should also be made aware that altering devices won’t be tolerated through jailbreaking or rooting, terms that refer to running software or code on a device that bypasses device security mechanisms. While the number of employees who alter their mobile devices through jailbreaking and rooting might be small, IT should have policies about those practices. And those policies should include banning such devices from accessing company information, according to Botz. Every IT shop must have someone with expertise in mobile computing who is responsible for ensuring devices are properly configured.

Shirley S. Savage is a Maine-based freelance writer. Shirley can be reached at savage.shirley@comcast.net.

X-Force Value Factor

IBM team monitors IT security and mobile security trends.

Advertisement

2019 Solutions Edition

A Comprehensive Online Buyer's Guide

Search Now

Advertisement

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App

POWER > TRENDS > WHAT'S NEW

Analyzing AIX User Survey Results

POWER > SYSTEMS MANAGEMENT > SECURITY

Mitigating Risks

Mitigating Risks

POWER > TRENDS > WHAT'S NEW

Survey Says