Over three-quarters of workplace smartphone users believe they expose their business to attack.
A recent survey found that eight out of ten respondents believe smartphones expose their business to attack, with data leakage cited as the top security concern. Graham Titterington, a principal analyst at Ovum and author of the report, told SC Magazine that there is a large quantity of mobile devices supplied by large organisations and often security was put ahead of costs.
“The uses of mobile devices are still weighted towards social networking, email and collaboration portals rather than accessing the customer relations model. When it comes to security there is more fear of the unknown and the numbers of people who reported actual losses are actually quite low, but about 60 per cent are afraid of personal devices being used as a conduit for malware getting on to the network, while about 40 per cent are concerned about a compliance knock-on failure,” he said.
“There are a whole lot of technologies being used but not overwhelmingly, the main one is remote device wiping, while securing access to corporate data is done at the application level.”
The survey also found protection is randomly implemented. Among the 52 per cent of organisations that use some form of authentication for mobile users, 62 per cent rely on simple username and password sign-on, while only 18 per cent use Public Key Infrastructure (PKI) certificates. Just nine per cent utilise two-factor authentication featuring one-time passwords.
Rick Chandler, treasurer of the European association of e-identity and security, said that in the last year social networking had taken off and a large amount was done on mobile devices.
“The devices do not have intrinsic security built in, so there is a big awareness thing to be done and that is where the security business can deliver stuff.”
Frank Bunn, senior manager of communications service providers in the global industry solutions team at Symantec, said that there is a low security usage on mobile devices, with generally only simple protection with password authentication, because there is no one overall operating system, like with Windows on PCs.
Bunn said: “There is still confusion about the role of the operator; should the mobile operator just provide connectivity or should they be in a position to bring value added services to the table? In our mind they are in a really good position to provide some level of security because all of the traffic is flying to his network and he can intercept not just for own interest, but it is also about providing a service.
“There is a lot of security that the provider can bring to the table and we think that they need to provide a layered approach.”