A recent survey of 1,200 professionals by Deloitte quoted by Tim Wilson of Dark Reading indicated that almost 30% of them believed that rogue mobile devices were present on internal networks and were being used to connect to messaging systems, file servers, and SharePoint sites.
A substantial 87% of respondents believe that important internal infrastructure is at risk from these unauthorized mobile devices. This is a very reasonable belief to have. Mobile devices such as phones & tablets are increasingly used by employees to access critical organizational resources. However while use of these mobile devices grows, and soon exceeds, the use of personal computers to access the Internet – the security of these devices lags behind that of traditional platforms such as PCs. This is in part because most mobile device operating systems aren’t designed around the security of the user in a hostile environment, but instead prioritize performance and ease of use. Things certainly aren’t helped by Application Stores that do only cursory checks to see if the applications they publish are ridden with malware, or by users who side load pirated software on their devices.
As some within the IT community push to embrace the “consumerization of IT” – questions about how these consumerized mobile devices can be secured from malware are often ignored. The charge seems to be to allow mobile devices, no matter how infected and compromised access to important infrastructure as some sort of user empowerment strategy. Pragmatically, with increasing attacks against mobile platforms, leaving the security of these devices to their owners is likely to result in increasing breaches against organizational infrastructure.
The interesting question going forward is whether administrators continue to allow insecure and possibly malware ridden mobile devices to interact with critical organizational infrastructure by attempting to harden the infrastructure itself against inevitable attack, whether they attempt to enforce malware management reporting software onto user’s devices in an attempt to keep them sanitized, or some mixture of both approaches.
Follow me on twitter: @orinthomas