Promoting Mobile Security in a Consumerization-of-IT World

An interesting tidbit comes from mobile device management company Mformation. It turns out that CIOs aren’t thrilled about IT consumerization, specifically when it comes to employee-owned mobile devices. Results from the Mformation survey show that 67 percent of businesses are concerned about protecting their corporate data since the the WikiLeaks affair. But there’s a lot more happening on the mobile landscape that’s causing more security concerns …

First, however, the survey: Conducted by Vanson Bourne, the surveyed took the pulse of 200 CIOs from the United States and 100 from the United Kingdom, all from companies with more than 3,000 employees. The results are interesting, to say the least — according to the survey results, 78 percent of CIOs don’t know what devices are connected to the corporate network, and 77 percent of enterprises don’t know what data is lurking on all of those devices. Only one in three can track these devices, and only half of all those surveyed said they could secure these devices should they be lost or stolen. Three-quarters of those surveyed said that “security headaches” are actually caused by the mobile devices. So it’s time to get a mobile management solution, right?

Mformation’s agenda aside, there are some pretty serious implications to these surveys. Even in a perfect world with no bad guys and malware, the uncontrollable flow of private data is an issue.

It becomes more of an issue when that device isn’t secure. Recently, a piece of malware got into the Android marketplace with the potential to allow nefarious activities by stealing personal phone information like the International Mobile Equipment Identity number and the SIM card’s International Mobile Subscriber Identity number. Google responded by forcing an over-the-air update that eradicated this malware, dubbed Android Market Security Tool March 2011. Symantec discerned that a developer in the marketplace had downloaded the official Google package, inserted his or her own code into it, and resubmitted it to the marketplace with the same title, sans “March 2011.” The repackaged program contained malicious code, allowing the phone to send SMS messages — unknown to the user — if remotely commanded to. No doubt about it, these hackers are dogged, and the perception exists that valuable information is stored on smartphones.

Here at The VAR Guy we’re constantly talking about the excitement and buzz around the consumerization of IT, but let this be a warning: Lock down your devices before you use them.

Sign up for The VAR Guy’s Weekly Newsletter, Webcasts and Resource Center. Follow The VAR Guy via RSS, Facebook and Twitter. Follow experts at VARtweet. Read The VAR Guy’s editorial disclosures here.