One recent survey suggests one in five organizations has suffered a data breach directly related to a mobile security incident, primarily malware and malicious WiFi, while other reports suggest that exploited mobile devices account for one third of cyber security incidents. And yet, given that, the endpoint is highly under-protected. Unauthorized cloud app use is exploding, 53% of organizations lack a formal BYOD policy, and most organizations still struggle with even the most basic endpoint protections like encryption (only used on 29% of mobile devices), authentication and access controls.
Jason Hardy recently wrote for Security Intelligence, asking the question When It Comes to Mobile Security, How Much is Enough? And that is always the question, when it comes to security. While a layered security strategy is ultimately the best defence, there is a point at which you must also balance out the costs and complexity of having too many layers that in and of themselves become a risk - if employees are circumventing layers, if they are too complicated to use or monitor, they won’t be effective. Additionally, you want to find enough protections to deter most cyber criminals, even if your ultimate security plan isn't bulletproof.
In the article, Tyler Shields, formerly of Forrester Research, chimes in on the topic by narrowing the idea of endpoint security back down to the data being protected. A data-centric approach to mobile security focuses on what is being protected, not where it’s being protected, which is ultimately more important and helps simplify identification of risks and protections.
In the Security Intelligence article, Jason talks about the differences in protecting consumer information (which may be subject to compliance situations) and proprietary company data, neither of which you want to have breached. Recent figures suggest that as much as 45% of corporate data is held on endpoint devices because employees are finding a way to do their work on the device of their choice, and most of that data is at risk.
The article references the IBM Mobile Security Framework as a base point for developing a holistic and layered approach to mobile security. Gaining visibility over the effectiveness of your endpoint security is just as important. Having a persistent connection to a device, and the data it contains, is just another non-intrusive layer of protection that organizations can rely upon to help ensure and prove compliance, maintain accountability around your IP and data, and maintain visibility on the endpoint. To read more about how we can provide a trusted layer of security on the endpoint, reach out to us here at Absolute.