Mobile devices. We use them every day for storing data and executing tasks, from any location, through personal email, social networks, location services, and online banking. As mobile technologies revolutionize our daily lives, greater numbers of employees have requested them in the workplace. Fifty-eight percent of employees now use smart phones provided by their companies.
Image Source: http://www.esecforte.com/
But while mobile brings the potential to transform traditional business processes and increase productivity, it presents major risks and challenges to the enterprise. Are such devices truly securable, and can they be secured without sacrificing the functionality and convenience which make them so desirable?
Jim Routh, Global Head of Application Security at JP Morgan Chase & Co, recently visited the Global Enterprise Technology (GET) Program to address this question in a lecture on Mobile Security. Jim’s experience in overseeing the organization’s numerous mobile offerings drew students interested in such topics as identifying mobile risk to formulating security strategy.
A few of the highlights…
Growth of Mobile
Smart phones are rapidly becoming the computing device of choice for both employees and customers. Mobile adoption rates show that from 2008 to 2010, the number of smart phone users grew from 23 to 59 million, a number which is expected to grow to 138 million by 2015. Other surprising statistics noted by Jim included:
The data illustrates three undeniable trends: users are spending more time on the phone, more transactions are going mobile, and more sensitive data is now being stored on mobile devices.
With more sensitive data being held on smart phones, new security threats have emerged. Mobile users list remote access by hackers, interception of calls or data, device theft or loss and the installation of malware and viruses, among their greatest concerns. Many of the threats that originated online are also moving to the mobile environment, including Distributed Denial of Service (DDoS) attacks, Zeus botnets, and “hactivist” groups such as Anonymous.
To lower these inherent risks, companies are evaluating the threat landscape on three dimensions:
Mobile devices have enhanced authentication capabilities– lacking in traditional web interfaces- which share information about who is using the device. Emerging authentication methods include:
Though the inherent risk of mobile is high, authentication technologies have the potential to make mobile residual risk lower than it is for conventional work stations. The challenge for companies will be continuing to reduce the residual risk of mobile-without invading the privacy of users.
As a mobile user, how much of your personal privacy would you be willing to lose in order to ensure that your device and sensitive data are secure? Tell us your thoughts in the comment section!
Jane Zamarripa is a first year Masters student in the Information Management program at Syracuse University. As a result of her experience working as a constituent services representative, she is passionate about exploring the ways in which technology can be leveraged to improve citizen interaction with government. She holds a B.A. in International Affairs from the George Washington University in Washington, D.C.