Mobile device security is hot. In Symantec’s new survey of 6725 organization in 43 countries identified it as the top computing initiative risk (41%) — a greater area of concern than public cloud computing (35%). Symantec has followed up the survey with announcement of several enhancements to its mobile device management and security capabilities, which I’ll outline a bit later in this post.
The Symantec survey reveals that smart phone business use has gone well beyond email, web browsing, contacts, calendars, instant messaging, and social media applications. But at least half and in some categories more than 70% of the companies are using smart phones for things like CRM, line of business apps, task and project management and office applications. Smart phones are already mainstream business devices.
Some organizations are very concerned about this level of exposure. A quarter of the respondents rate mobile computing as a high or extremely high risk. The losses they’ve incurred, an average of$429,000 in the past 12 months, that are attributed to mobile computing security reflect this. Lost productivity (33%) was the most serious loss category, followed by direct financial costs (31%) and lost data (23%). The loss categories parallel what you would expect with any security events: brand reputation, post-incident compliance, customer trust, fines, lost revenue, etc.
Symantec’s focus on its mobile computing security initiatives reflect both the genuine security needs and the fast-growing market opportunities in a business technology environment that is changing by breathtaking leaps rather than evolution. Most security vendors are moving full throttle into the mobile security\management arena (both Symantec and McAfee announced enhanced mobile security capabilities today).
The enhancements come in several areas:
Mobile device management (MDM): Particularly in BYOD environments, enterprises need to manage devices across several platforms (Apple, Android, Windows, Blackberry), exercising some level of corporate oversight, security and control while navigating and enforcing the very tricky policy areas surrounding what you can and cannot do with phones you do not own (for an excellent explanation of the policy issues presented by BYOD, see my Q&A with mobile security expert Kevin Johnson).
Symantec Mobile Management is adding support for Android and Windows Phone 7, which, added to support for iOS, brings its coverage to a level at which it can speak in practical terms of addressing enterprise needs. The release supports both platforms for things like policy management and implementing and managing an enterprise apps store. The new release also allow enterprises to manage smart phones through the Microsoft Systems Center Configuration Manager, which is widely use for endpoint management.
Mobile Threats: Mobile malware is small change compared with the tens of millions of new malware samples introduced annually for Windows PCs, but the threat is clearly growing quite rapidly. As every other AV vendor, Symantec has stepped up its antimalware efforts on mobile devices, particularly on the consumer side. As I mentioned, Android has been particularly vulnerable because of the number of malicious apps introduced on the platform. Symantec introduces anti-malware on Android devices on the enterprise level: scanning for malware, detecting and removing malicious apps, and adding safe browsing capabilities through web and malware reputation checks.
Enterprise security integration: With the increased use of smart phones for storing and sharing sensitive information, particularly via corporate and personal email accounts collocated on the same devices, and the need for secure remote access, Symantec is integrating its data loss prevention (DLP) and authentication tools for mobile devices on an enterprise scale.