IT sec pros surprisingly cavalier about mobile security best practices
A flash poll conducted at Infosecurity Europe 2014 by Centrify Corporation has found that 94 per cent of IT security professionals use third party applications on their mobile devices for work, with 82 per cent using up to 10 apps.
“Applications are now at the heart of corporate IT and have become a vital part of how employees get the job done whilst either in the office or on the move. Removing access to applications isn’t an option – in fact it would create more problems than it would solve,” says Darren Gross, EMEA Director, Centrify. “But the risk for organisations is that the more cloud-based or mobile apps employees interact with, the more they create islands of identity that become harder for IT to track and manage.”
“How do you authorise access for thousands of employees across multiple devices and platforms? Let alone de-provision them when they leave the company. Identity and access can often be overlooked, but unless enterprises can find a unified way to securely identify individuals, they risk their business coming to a shuddering halt,” he added.
The poll also revealed that of the 169 people surveyed, 7 per cent of security professionals do not believe it is their responsibility to protect corporate information held on their personal device.
A further 8 per cent do not have a password or PIN enabled on the mobile device that they use for work purposes, potentially exposing organisations to risk.
Surprisingly, despite repeated warnings about the risks posed by WiFi networks, 52 per cent of respondents said that they have accessed sensitive corporate information over unsecure networks at locations such as a coffee shop or airport.
Gross concluded, “As the poll shows, the majority of employees are now leveraging more and more applications on their mobile devices. We are now seeing a greater need than ever for unified security identity across multiple devices and platforms, which is why we have created a full suite of solutions – not only to bring security awareness to the enterprise but also provide the best-in-class tools to reliably protect a firm’s personal data and applications from identity-related risks and attacks.”