Mobile devices bring many benefits to organizations, and their professional use has expanded rapidly in recent years. They foster productivity, allowing employees to work remotely. Yet, they also bring challenges in the area of mobile security.

Even though users are incredibly attached to their devices, they can still be lost or stolen – along with any sensitive corporate data that is stored on them. This can put the organization at risk of a data breach that can be costly to its brand and reputation.

This personal attachment to mobile devices is also contributing to the increasing consumerization of IT, where devices are designed specifically with the needs of consumers in mind. Many users are attracted by the latest designs and feel fettered by the lack of choice made available to them by their employers, preferring to use their own devices – even though it means paying out of pocket. As a result, organizations have to grapple with the bring your own device (BYOD) movement, which loosens their grip on the mobile security posture of such devices.

BYOD is relatively immature. A recent survey conducted by LinkedIn found that just under a quarter of respondents state that personally owned devices are widely used within their organizations and are supported by an official policy for their use. In contrast, 40 percent state that only company-provided devices are in use. Still, BYOD is something that most organizations will find they have to deal with at some point.

Mobile Security Is a Growing Issue

Hackers, as they turn their attention to the mobile platform, are another security concern. While the amount of malware found on mobile devices is relatively small in comparison to other computing platforms, it is growing rapidly. According to Gartner, more than 75 percent of mobile applications will fail security tests this year, leaving those applications exposed to threats, many of which aim to gather sensitive information. It predicts that smartphones and tablets will be the primary focus of endpoint breaches within two years and recommends, therefore, that organizations focus on data protection in the form of technologies such as application containment.

Other steps to take to overcome mobile security challenges include requiring that users have passwords enabled on their devices, preferably complex ones that they change often. Organizations should also require secure authentication mechanisms be used for connections to potentially insecure networks, such as public Wi-Fi® hotspots. To prevent data loss from stolen or lost devices, organizations should consider technologies that enable such devices to be locked – or even wiped – remotely.

Ensure Any Strategy Is User-Friendly

Of course, any strategy taken to overcome mobile security challenges must be user-friendly. It would be a hard task to convince users to make use of any security technology that impairs the performance of their devices – especially since they are using them for personal as well as work purposes. “The growing trend of using increasingly important services on mobile devices makes it essential to combine increased trust in the device with a seamless, simple user experience,” according to Ben Cade, CEO of Trustonic.

One such mobile security solution is Trustonic for KNOX, which is the product of a deep collaboration between Samsung and Trustonic, a leader in Trusted Execution Environments (TEEs). The technology combines the robust security features of Samsung Knox with the hardware-based security and user-friendly interface of Trustonic. The software itself simplifies user authentication by enabling simpler passwords, protecting against attempts at click-jacking, and increasing end user confidence that transaction approvals are genuine.

In addition to technology, the best way to solve mobile and BYOD security challenges is to educate users about security and their role in safeguarding the organization’s sensitive information. If users are more actively engaged, they are more likely to understand and accept the security measures that their employer asks them to take.


Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL
