Register now!

Sept. 28 - Oct. 3, 2013

DataWeek 2013 Conference and Expo
Browse DataWeek News and Submit Articles

Why Mobile Security is All About the Data

Mobile malware may dominate headlines, but according to the recent Linkedin Information Security Community survey of 1,600 IT administrators, data loss is a bigger priority in their organizations than malware (75% versus 47%). With 28% of corporate data accessed through mobile devices, it’s no wonder they’re concerned.

Today,62% of workers use their personal smartphones for work. While the majority of these users are not thinking about the security of corporate data, corporate security teams need to be on alert and proactively addressing the risk. As a former CISO, I have faced this problem first hand. I remember the moment when we began to trade user experience for the sake of security. My job became all about saying, “no” which didn’t work then, and increasingly won’t work now, in a world where users can bring their own apps and devices to be more productive. A mobilized workforce means increased flexibility and productivity, but it also means a dramatic shift in the way that organizations handle security.

While most organizations make investments in mobile management, the majority of solutions available today focus on IT asset management and configuration of devices, not on securing data, enterprise access, and the end user. The old model of data protection in a walled garden just doesn’t apply to the ever-changing enterprise where data flows in and out of SaaS services through employee-owned devices. The wave of mobile security threats we see rolling in means that we must begin with a new approach to address both threats and user needs so they won’t need to go around IT controls to do their job.

(Users have shown themselves to be highly effective in circumventing mobile security controls with a quarter of them having done so to get their jobs done, and when given a choice, they will simply not participate in BYOD programs.)

To avoid a user rebellion, we must embrace mobile security that doesn’t sacrifice user experience or enterprise security needs thus allowing users to be productive with the apps and devices they need. And to that end, begin the long and important process of building a data security model that fulfills, and does not conflict with, the spirit of BYOD.

About the Author:

Adam Ely is the Founder and COO of Bluebox. Prior to this role, Adam was the CISO of the Heroku business unit at Salesforce where he was responsible for application security, security operations, compliance, and external security relations. Adam was named one of the top 25 security influencers to follow in 2012 for his industry contributions and is the author of the forthcoming McGraw-Hill book, Information Security Business & Strategy Essentials.  Follow Adam on Twitter @adamely.