SME Toolkit Logo
Partner Logo
Home  > Enterprise Mobile Security Meets User Productivity
 Share  Print Version  Email

Enterprise Mobile Security Meets User Productivity

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Business users and security experts are at odds over the disconnect between usability and security when it comes to mobile devices, according to a recent Ponemon Institute survey. Mobile device control is literally in the hands of users, and IT professionals responsible for enterprise mobile security must acknowledge the value in ease of use; without user acceptance, security compliance cannot be expected.

Security Versus Productivity

A Ponemon Institute poll of IT and IT security experts, commissioned by Raytheon, found that one-third of employees do their work exclusively on mobile devices, and that figure is projected to reach 47 percent by next year. However, the poll also found that 52 percent of IT professionals believe that, when it comes to enterprise mobile security, practices and protocols were being circumvented for the sake of users' productivity.

Additionally, half of the surveyed security professionals are dissatisfied with their respective company's current enterprise mobile security solutions. This is driven by the additional challenges IT security professionals face. While contending with an expected 40 percent increase in the number of mobile devices under management, the IT security budgets are static or declining, thus limiting device management options. This is coupled with a situation where device management responsibility is often spread across various lines of business, and there is a lack of enterprise-level mobile strategy in a significant number of cases.

Due to historic user resistance to device security management practices and to the structural business hurdles security professionals face, there is a need for new data security practices. An effective mobile security strategy to resolve these concerns starts by realizing that the end user controls the device, and that security will be bypassed if the user experience is ignored. A security strategy that steps back from device-focused to data-focused security, and provides better user experiences in the form of native apps acting as thin mobile clients, is the most likely path to success.

Smaller Scale Does Not Eliminate Security Holes

Midsize businesses may not be tasked with managing thousands of mobile devices, but the risk of a data breach from even a small number of mismanaged mobile transactions suggests that mobile security strategies are still needed. Employees will access business data from mobile devices because it is convenient and often the device of choice, whether the device is business-issued or personal. The business and its data are best protected if the information is accessed through managed channels instead of unsecured workarounds. This may involve developing secured apps for mobile clients to access the data from cloud services.

The end users are not without responsibility for business data security, but it is evolving into a partnership with IT rather than a client-provider relationship. IT security professionals should be prepared to deliver continuous education on current best practices and the state of business data delivery for mobile devices, as well as to receive feedback regarding usability and accessibility. The function of IT continues to move from outside the business to become embedded within business strategy.

This article was written by Jason Hannula.

 Share  Print Version  Email