Last year, we made a number of predictions for mobile in 2013, many of which we've seen come true. We've seen an increased focus on CoPE in addition to BYOD, a dominance of Android sales soon to flood the enterprise and an increased number of threats targeting mobile devices. As we move into 2014, we see a number of trends playing out over the year:
Whether BYOD, CoPE or corporate-owned, it's becoming more commonplace for employees to move away from desktops and rely solely on mobile devices: laptops, smartphones, and tablets. Rather than choose, many employees are integrating 2-3 devices into their work routine.
There will be an increased demand on IT to support multiple device types with on-demand services, in-house apps and support, while IT will also need to ensure data security requirements are being met. Many businesses will struggle with control over an ever-increasing device fragmentation, leading them to the below point.
When it comes to mobile policy, and BYOD policy, focusing management and endpoint security with devices in mind is both inefficient and expensive. Devices change too frequently, with too many device types leaving IT to juggle too many factors and operating systems. When IT shifts focus to managing data, not devices, mobile policy is simplified and data security is strengthened.
When you define your data by the individual, you have a greater control over understanding what data access is needed, where the data is being used and how to respond if a security incident occurs. The approach may sound very open, but it's not; devices that do not meet minimum security requirements can be blocked from accessing the network and BYOD devices need to be registered and controlled in the event the device becomes non-compliant.
While we expected to see more data breaches attributed to mobile phones, laptops are still the clear leader in terms of data breaches. We believe a lack of IT understanding of where data resides is currently obscuring the fact that data is being breached from mobile devices. If IT doesn't know what data is on smartphones and tablets when they are lost or stolen, they won't know data has been breached. 1.6 million smartphones were stolen last year in the US in 2012; some of those held confidential data for sure!
It's the sad truth that it often takes criminals to find crime. We believe that it will take a highly publicized data breach attributed to a mobile phone to draw attention to the data security risks of mobile devices.
It is expected that by 2016, 40% of enterprise-supported mobile devices will be Android. We think 2014 will start to put the pressure on IT departments to shift focus for in-house app development and support from iOS to Android.
Given the shift towards BYOD for at least part of the enterprise computing needs, having a strong MDM program will become a basic piece of technology for managing these endpoints.
Currently, 90% of employees in the UK admit to accessing corporate data on a personal device, even when against policy, and 66% admit to saving confidential data. We see similar data coming out of the US, showing that there's a general lack of employee concern for data security when it comes to using or storing it on personal devices (laptops, smartphones, tablets).
The top mobile security concerns in the enterprise are currently lost/stolen devices followed by cloud-based storage and malware concerns. These concerns will drive the priorities of IT spending towards endpoint security and data security.
As with the need for MDM technology, more enterprises will begin focusing on persistent technologies for the endpoint, including tracking & security and data loss prevention (DLP). Having technologies that can easily manage all device types from a single console, with controls based on users and data instead of devices, will allow IT to gain control over endpoint and data security despite an employee's bad habits!
While it may be dubious as to whether the cloud or the endpoint is the more secure place for data, we will nonetheless see a big growth in the use of cloud services. Whether approved or not, employees are making use of private clouds for corporate data, just as they routinely use personal devices to access and store corporate data.
Enterprises will face challenges in defining what kinds of cloud services are allowed under corporate policies and in tracking data to ensure it is not being moved to the cloud against corporate policies.
As one of the top security threats for 2013, we expect to continue to see an increase in mobile malware in apps as well as a shift in the attack methods used on mobile devices, particularly on social media. The increased used of mobile payment systems will attract additional cybercriminals.
Despite the hype of mobile attacks, and its growth, cybercriminals are still focusing attention on easier attack vectors that offer larger data payouts, so don't disproportionately skew your budget based on fads.
We hope these predictions will prove helpful in your security planning. As with all trends, it's important to perform regular risk assessments to identify and address the specific vulnerabilities of your organization.
Absolute Software is the industry standard in persistent endpoint security and management for computers, laptops, tablets and smartphones. We deliver state-of-the-art IT asset management—allowing organizations to reduce IT costs, address regulatory compliance, combat computer theft, and optimize the productivity of their computer, netbook, and smartphone devices. Learn more here.