Mobile device security demands surpass reality, survey says
It's no surprise that mobile device security was top of mind in our recent reader survey. Find out what's missing and what IT pros are asking for in mobile security products.
Mobile device security is finally being taken seriously. Although products have been available and industry experts have touted the importance of mobile policies and securing mobile access for years, the current explosion of mobile devices, specifically tablets, is making mobile security a top consideration for average IT shops everywhere.
According to TechTarget's annual SearchMobileComputing.com reader survey, readers identified three major areas in which they expect to see the largest year-over-year percentage increase in investment. They were tablets, smartphones and mobile security solutions.
Readers also overwhelmingly reported that their greatest concerns about extending mobility in general had to do with security. First on the list was the risk of lost or stolen devices, at 65%. The second biggest concern was unprotected consumer devices gaining access to corporate resources, at 54%. Also high on the list was the task of managing access to data and resources, as well as meeting compliance requirements.
Mobile security data protection concerns
Joe Behling, manager of network services at Methodist Le Bonheur Healthcare in Memphis, Tenn., explained his perspective: "The greatest security concern is data protection on the wireless side and loss of the devices. Losing an iPad can be an issue without good provisioning software. This market is still a new and growing area, and needs some time to mature."
Christopher Paidhrin, security compliance officer at Southwest Washington Medical Center in Vancouver, Wash., agreed that the lack of security and data loss prevention controls for mobile devices and remote access present quite a challenge for IT. "Opening up services without appropriate or compensating controls raises risk acceptance to an unmanageable—if not unreasonable—level," he added.
Mobile device management also essential
Readers frequently mentioned mobile device management (MDM) in the same breath as security. Our survey treated these topics separately, with mobile device management as asset management, device control and device tracking; and mobile security as mobile malware, encryption, authentication, data protection, and wipe and lock. However, these topics are closely intertwined. Most mobile device management products on the market contain at least basic security functionality, and many mobile security products are gaining management features. The acceptance of employee-owned devices in the enterprise is making management essential, and some users and experts view security simply as part of a mobile management strategy.
From the research I’ve been doing into MDM solutions, it seems the concept is in its infancy, and much of the documentation is vague. I see no 'perfect' solution to date that addresses all concerns.
Jaymie Costanzo
Mobile management is important for Jaymie Costanzo, desktop systems engineerat Rochester General Health System in Rochester, N.Y. "My greatest security concern is over the management of mobile devices," she said. "We are dictated to be a mixed employee/company-liable environment, and the lack of granular management concerns me….From the research I’ve been doing into MDM solutions, it seems the concept is in its infancy, and much of the documentation is vague. I see no 'perfect' solution to date that addresses all concerns. "
Mobile security products must evolve
According to the survey, readers were employing many different techniques to help deal with mobile device security and management. Remote device lock and wipe was the most common at 45%, followed by end-to-end messaging and data encryption at 35%, and mobile software updates at 23%. On the other end of the spectrum, we found that 22% of our readers were still using individual device management and 20% were using no management at all.
The vendors that readers currently rely on as their primary mobile security providers include Research in Motion (RIM) (32%), Apple (26%), Cisco (19%) and Symantec (17%). This market segment also includes other strong players such as McAfee, Microsoft, Trend Micro and VMware— and readers indicated they were interested in exploring these companies’ security offerings.
Survey respondents unanimously reported that they were looking for security tools that work better than the ones they were currently using and can handle the diverse and unpredictable environments they envision their mobile environments to become.
Behling conceded that his current mobile security products meet his company's basic needs. "Unfortunately," he said, "some of them can make the experience difficult for the end users. Vendors in the market need to refine authentication processes and integrate better with more than just Cisco hardware. Again, the market needs a little more maturity….Vendors like Apple [need to] start working with the business side of the world so that security can be more than an afterthought and make [devices] more enterprise ready."
Paidhrin noted that the compliance needs of the healthcare sector are pushing him to seek out more powerful security tools. "With HIPAA/HITECH, access and accountability go together," he said. "We are looking at DLP solutions to raise our capabilities and content awareness, but need the solution to cover all of the remote means of access."
Although mobile security remains largely uncharted waters, IT professionals are enthusiastic about mobility. The consensus is to proceed with caution. As reader Jeff Mozingo, IT officer at Alpine Bank in Rifle, Colo., said, "Security on mobile devices, especially tablets, still seems to be an unknown at this time. I am concerned with how we will survive the onslaught of the next-biggest-thing, got-to-have-it-now mentality. [But] we are looking at several tablets and how they fit in with security and use [at our company]. "
About the survey: TechTarget Networking's annual survey of SearchMobileComputing.com members was completed in May 2011. More than 360 IT professionals completed the survey. They hailed most commonly from the verticals of manufacturing, government, finance, education and healthcare. Twenty-five percent of respondents identified themselves as mid-level IT managers; 12% as network architects, engineers or administrators; 12% as security managers or administrators; 11% as senior IT managers; and 9% as business executives, managers or staff.
