Enterprise risk management strategy: A planning guide for CIOs
A comprehensive collection of articles, videos and more, hand-picked by our editors
Each month, the CIO Media group at TechTarget will be featuring an emerging technology and discussing its potential impact for CIOs and their organization. In this installment of Future State, site editor Ben Cole discusses a new consumer-focused mobile technology security tool and finds out if it will benefit corporations.
BYOD and mobility in the enterprise setting can boost employee satisfaction, improve production and even reduce costs. It also increases risk: Something as simple, and common, as a lost or stolen mobile phone leaves sensitive business and customer data vulnerable. And let's not forget the havoc wrought on a company's reputation when a breach occurs.
As employee mobile device use for work purposes continues to become more prevalent, it's forcing companies to reexamine enterprise mobile security processes. Bring your own device policies often stress the importance of educating the user on their enterprise mobile security roles and responsibilities. After all, they are the first line of mobile security defense, and are usually the first to realize when a device is lost or stolen.
Putting mobile security in the hands of consumers is the idea behind Absolute Software's LoJack for Mobile Devices. Through a partnership with Samsung, the mobile device maker has embedded Absolute technology into the Samsung GALAXY S4 that, for a yearly subscription rate, provides users the ability to remotely lock, locate their device or delete sensitive files. The system also allows consumers to see where the device is on a map, and the "Absolute Investigations and Recovery Services" promises to work with law enforcement globally to get the device back.
Although the ability to remotely wipe data is not a new concept, the LoJack system offered through Samsung's Galaxy S4 is unique because the hardware and software mobile security tool is designed to survive a hard reset or wipe. It's designed to make the S4 phone tamper-proof, and once installed and activated LoJack cannot be removed -- even if the device is restored to factory settings.
Barry PorozniThe Reinvestment Fund
The features can benefit corporations as well as individuals, said Mark Grace, VP of Global Consumer Business at Absolute Software. Many mobile devices now contain not only personal information, but sensitive company data as well. As a result, the ability to remotely delete content ensures information will not be misused or given to competitors if the device is lost or stolen, he said.
The S4 is also the first smartphone to carry this type of technology – but its features will no doubt catch on with other carriers if it proves successful in protecting mobile information. Last week, Google got in on the act and announced the release of the Android Device Manager. Consider the statistics: The Federal Communications Commission has reported that approximately 40% of robberies in major cities involve mobile phones. Smartphone theft has been labeled a nationwide epidemic, and some lawmakers are even pushing for more anti-theft options.
Corporations need to be listening to these warnings, and perhaps they should consider mobile security tools that put more responsibility in the hands of employees. As mentioned above, consumers are the first line of defense when it comes to mobile security. The ability to quickly track the phone to determine if it is the hands of a potential hacker, and to completely wipe the device if they think sensitive data is vulnerable, could provide huge benefits in the business setting as employee mobile device use continues to spread.
Protecting company data is, first and foremost, priority number one for businesses when it comes to mobile devices, said Barry Porozni, CIO at The Reinvestment Fund (TRF) in Philadelphia. "If something happens, the employee loses it, it gets lost, it gets stolen, the first thing you have to think of is 'what's on there that is at risk to the company?'" Porozni said.
Companies that allow personal mobile devices for work purposes open the door to whatever data stored on the device being at risk, he added, so organizations need to be able to protect themselves.
"Something that can remove the data securely is something you need to have," Porozni said. "I don't think organizations should even consider deploying the devices unless they can do that."
What do you think? If LoJack and technology like it is incorporated in the corporate setting, will it improve enterprise mobile security? Voice your opinion in the comments, we'd love to hear from you.
Podcast: When securing mobile endpoints, start with strategy
Six steps to ensure your business is ready for mobile applications