No one should be surprised that there's cause for concern over mobile security for businesses of all sizes: with more than 2.2 billion smartphones and tablets projected to be in the hands of users by the end of 2014, many of them sharing duty between personal and professional uses.
But it isn't necessarily the devices themselves that are so vulnerable, it's the design of the applications being used on them along with the fact that many smaller and midsize companies still look the other way when it comes to Bring Your Own Device (BYOD) strategies, according to market research firm Gartner.
In fact, Gartner analysts figure that up to 75 percent of all mobile security breaches will be the result of misconfiguration. Among the most vulnerable: Android devices that have been jailbreaked, or altered at the administrative level.
"Mobile security breaches are – and will continue to be – the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Dioniso Zumerle, principal research analyst with Gartner, in a statement. "A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices."
That's a great opportunity for smart solution providers, enterprise mobile app developers and managed service providers who can provide some much needed discipline around mobile devices, even if they don't happen to be owned by the business that needs their help.
Gartner offers five recommendations for where to focus:
- Convincing companies to establish and enforce enterprise policies, such as the need to keep operating systems up-to-date or to retain certain settings. If users don't comply, shut off their access.
- Setting a minimum passcode policy, one that meets the same rigorous needs of the company's other applications.
- Establishing a list of approved devices and operating systems.
- Restricting the use of certain third-party app stores on devices used to connect to business data.
- Requiring signed apps and certificates for devices seeking apps to corporate email, virtual private networks, or "shielded" apps.
Sounds like an evolution and maturation of the mobile device management marketplace, just in time for the IT channel to take advantage of VMware's offerings in this space, acquired through its buyout of AirWatch.
For more, see the CRN report, "BYOD and MDM: 10 Vendors That Get It."