In-Depth

Why Securing Mobile Devices Keeps CIOs Up at Night

With mobile security, the devil you don’t know can hurt you much more than the devil you think you know

• By Stephen Swoyer
• 01/15/2008

There's a security concern keeping many a enterprise decision-maker up at night: mobile security.

Recent research from market watcher International Data Corp. (IDC) indicates that organizations are increasingly tapping mobile solutions to expand the all-over reach and productivity of their employees.

"Developments in mobility and mobilization are taking desk-based capabilities out to the far reaches of the business. The availability of devices and enhanced connectivity have allowed organizations to empower far more employees, processes, and relationships in the wider area of the business," said IDC’s Nathan Budd during his address at IDC's annual Mobile Enterprise Conference late last year in Dublin, Ireland.

The issue, IDC says, is attributable in most cases to the absence of strong, top-down mobility leadership. It’s a familiar story: IT takes a hand (to a degree) in managing an organization’s mobile deployments; but IT doesn’t move fast enough for users, who circumvent IT policies and requirements by what IDC calls a "side-door" route.

The result, IDC says, is a growing prevalence of "rogue" devices in the enterprise. That’s what’s keeping CIOs and CTOs up at night: not the devil they know (the loss, theft, or breach of authorized mobile devices) but the devil they not only don’t know but can’t accurately estimate.

There are several wrinkles here, according to IDC. Not only does the use of unauthorized mobile devices open the door for security breaches or for (potential) malware mayhem, but it’s proof positive that many employees simply aren’t happy with the mobile-working capabilities provided by their employer.

As a result, IDC indicates, security is now Concern Number 1 for customers who purchase wireless technology solutions. Surprisingly, vendor reputation was the least influential criteria.

Nearly three-quarters (70 percent) of organizations have implemented security policies to control the use of mobile devices. That’s encouraging, but it represents an increase of only 2 percent from last year’s levels. The bottom line, IDC argues, is that organizations are struggling to keep up with the requirements of an ever-increasing mobile workforce.

Elsewhere, IDC says, fewer organizations are purchasing mobile solutions from ISPs or telecom providers: that number dropped from 66 percent in 2006 to just over half (55 percent) in 2007. On the other hand, the number of enterprises purchasing mobile solutions from manufacturers or vendor sales representative increased to 43 percent last year (a 16 percentage-point increase).