The number of mobile phone users is growing, and isn’t expected to stop any time soon.
In 2015, 57 percent of the world’s population had a phone (about 4.15 billion phones). This is estimated to increase to 63 percent of the world’s population — about 4.78 billion phones — in 2020. That’s an increase of 600 million, and about half of those will be smartphones. The U.S. and Europe are estimated to clock in next year at between 80 and 90 percent smartphone penetration among mobile phone users.
In this clear and obvious shift towards smart mobile devices, what’s in store for enterprise IT teams? At the risk of stating the obvious: Most, if not all, of your staff have smartphones. And most of those phone owners want to have one phone for both personal and business use.
It all turns into a simple equation: More smartphones means more business users, and that equals a need for greater security.
How It Impacts Your Business
All of these smartphones can fit into the enterprise security infrastructure in various ways. With Bring Your Own Device (BYOD), enterprises put a light management footprint on end-user phones, trading off a lower level of enterprise integration, and lower risk, for a less intrusive presence.
And then there are options such as Choose Your Own Device (CYOD) and Company Owned/Personally Enabled (COPE) that move the dial further toward a company-controlled device. These are more tightly integrated into enterprise applications, but still allow personal use — the preferred option for most business users who don’t want to carry two smartphones around.
More and more enterprises are moving toward carefully secured platforms. It’s not just a question of penetration of smartphones — it’s user preferences. People would rather use a smartphone or tablet for many business applications, especially in mobile and customer-facing workforces. Build a solid program for device mobility, and almost everyone ends up happy.
As smartphones continue to integrate with enterprise applications and data streams, the risk of a data breach through a smartphone rises, creating the paramount need for enterprise-wide mobile security requirements and bulletproof policies.
Breaches are already big news. But it’s not just the number and cost: it’s where they come from. Verizon’s famous Data Breach Investigation Report identifies nine patterns for data breaches. While some of the obvious ones, such as poorly secured Web Applications, don’t really change with the influx of mobile devices, there are two that IT managers should be paying attention to: lost and stolen devices, and crimeware. Both have grown, from 6 percent of all data breaches in 2013 to 15 percent in the latest report.
What does this mean for security-conscious IT managers? Because smartphones are constantly being lost and stolen — Kensington estimated that 4.3 percent of company-issued smartphones are lost or stolen each year — securing smartphones is a clear first step. Devices need to have password protection and encrypted local disks, and applications should be designed to minimize sensitive data that lives on the device. Use of multifactor authentication, such as a home/work profile, adds another level of security against data breaches in case of loss.
Mobile malware is another key area for smartphone protection. User devices should be restricted to known application sources, such as Google’s Play Store, and not be able to range around the internet. Of course, Google Play has had its share of malware as well, so home/work profiles are another excellent way to keep malware in the home side of the device from stealing data from the work side. Other protections, such as requiring VPNs on open wireless networks, can help reduce the likelihood of credential theft or drive-by downloads.
Many IT managers have let mobility and the smartphone revolution slowly grow without realizing how significant the security issues are. Now is a good time to zoom out and rethink old BYOD or head-in-the-sand mobility policies to be sure that the enterprise’s critical data is properly protected.
Learn more about how to handle enterprise mobility security incidents with this free white paper.