The IT service provider is caught in a ‘hostile swamp’ of mobile device features and companies, and now faces the difficult task of securing important data on said devices, says LogicNow security lead Ian Trump.
The mobile industry has to be one of the most fragmented, dysfunctional technology industries ever created.
You have two opposite business philosophies driving competition for the same customers. In the quality and style category we have Apple, which despite some bugs – like the recent 1970 bug – has focused on security to such an extent the NSA and GCHQ are challenged to break into these phones. Then there are Android phones which are functional, inexpensive but unfortunately filled with security holes.
Layered on top of this environment, mobile security features such as tracking, wiping and resetting are available from the manufacturers, carriers and in the case of Microsoft Office, third-party email providers.
The need for effective mobile phone security needs little more underlining: The 2015 Information Security Breaches Survey reported that 15 per cent of organisations suffered from a breach caused by use of a smartphone or tablet device, more than double 2014’s figure of seven per cent. The survey found that firms are starting to use a series of measures to address the management of these devices.
Roughly half of all large organisations have either defined a strategy for mobile usage (52 per cent), are protecting corporate emails (48 per cent) or are using something for the remote management of devices (49 per cent). 70 per cent of large firms have issued a policy to cover how these devices should be used.
It can be argued Android’s approach to security has been achieved by obsolescence: if you want the most secure phone you need to buy the latest phone, opposite to the Apple ecosystem which frequently pushes updates and has become increasingly protective of its brand – bricking some phones repaired by non- Apple authorised shops for example.
Caught in this hostile swamp of device features and companies is the IT service provider that faces the difficult task of securing important data on devices, which can be riddled with security holes, or so locked down as to occasionally not be able to meet a business requirement.
Adding to this nightmare is the fact a user now may have a phone, tablet, work PC and home PC which the IT service provider needs to look after and secure. What the mobile industry has achieved is the movement of the IT nightmare of manufacture versus carrier ISP versus application vendor down to the consumer, who may be caught in an endless cycle of who is to blame as to why ‘it’s not working’. Achievement unlocked. It’s so bad, the only advice I can give on this subject is pick the brand of phone/carrier ISP you hate the least.
Ian Trump is security lead at IT service management platform provider LogicNow.