|Topic:||Mobile information security: An emerging challenge |
for global businesses
|Author:||Muhammad Amir Malik|
Amir Malik is presently working as Chief Executive Officer, COMSATS Internet Services. He has also served as Member IT at Ministry of Information Technology, Managing Director at Pakistan Software Export Board and Chief Executive of Pak Datacom Limited, Pakistan. He has previously worked as Head of Regulatory Compliance at Ufone, PTML and at Pakistan Telecommunication Authority (PTA) in the capacity of Director (ICT) for four years.
Recapitulating his previous professional work experience, he has worked as Senior Technical Support Consultant at SAP AG, Research Engineer with Air France, Smartcard Programmer at Schlumberger and Site Installation Engineer at Alcatel CIT.
Amir completed his Bachelors of Electrical Engineering in 1997 from National University of Science and Technology, Pakistan with Honors having a CGPA 3.748/4. He then completed his Masters of Computer Science and Telecommunication Engineering with Honors from ENSIMAG, INPG, France in 2001.
It is now common practice for employees to use their personal smart phones, tablets, or hand-held devices for accessing official emails and data, which in turn has led to an increase in security issues for companies. The major challenge faced by most ICT companies is to protect their data from theft and other breaches.
As the world becomes more unified, incorporated and intellectual, mobile phones are playing a growing role in altering the way people live, work and communicate. Smart phones and tablets are also being quickly adopted by enterprises as new work tools. At the same time, mobile phones cause enduring apprehension for Information Technology teams responsible for information security. The use of mobile devices for business has experienced exponential development in the last few years and will only go faster in the near future. A few years ago BlackBerry was considered the de facto mobile device for business but innovations in other smart phones and tablets like Android, Apple iOS and Windows significantly changed user perceptions. Employees now bring their own mobile devices to offices. These new devices have improved performance, offering a more robust platform with an increased bandwidth, good voice quality, faster video streaming and email. However, this emerging technology has also brought an increased security risk to organizations.
A comprehensive survey carried out in Pakistan by Paradigm Technologies on mobile security threats for businesses has shown an excessive use of mobile devices on corporate networks. Mobile devices have brought an increase in employee productivity, improved client services and reduced IT costs. The survey depicts that over 55% customers are inclined towards Android platforms, 23% use Apple iOS, 14% use Windows and the remaining 8% are using Symbian, BlackBerry and other mobile operating systems. The results were gathered by interviewing over 500 IT professionals representing a variety of industry verticals, and by visiting 39 organizations throughout Pakistan.
Figure 1: Usage of Different Mobile Phones’ Operating Systems
Fast communication and prompt availability has become a priority for today's organizations, and consequently, employees find it indispensable to use mobile devices to connect to their business networks. The survey implies that there is a huge increase in usage of personal mobile devices in ICT companies which are connected to the corporate network. As per the survey, around 67% of personal mobile devices are connected to corporate networks and 33% are allotted from companies to their employees.
Figure 2: Usage of Personal and Corporate Mobile Devices at Work
It is now common practice for employees to use their personal smart phones, tablets, or hand-held devices for accessing official emails and data, which in turn has led to an increase in security issues for companies. The major challenge faced by most ICT companies is to protect their data from theft and other breaches. In Pakistan, the success level of IT organizations in protecting their data is 61%. Correspondingly, the success of access control rate of corporate networks is 22%, update rate of devices is 11%, and managing security measures for different mobile operating systems is at 6%.
Figure 3: Success Levels of Facing Mobile Phone Security Challenges by IT Companies.
It has been observed that as compared to last year, there is a huge increase in the information stored on mobile phones. Application installation on mobile devices has increased from 17% to 40%. Corporate information storage has increased eleven points to reach 66%. Personal data stored by users on mobile devices has increased from 53% to 59%.
Figure 4: Comparison of Information Stored on Mobile Devices.
Mobile security threats can have a high impact on the business community. The survey ranked different security threats where the most harmful threat has been factored as the first, and the last one was the least harmful. As shown in the graph, malicious applications that are downloaded on mobile devices are ranked number 1; mobile devices which are not password protected are ranked number 2, users frequently changing their mobiles are ranked number 3, updating mobile devices is ranked number 4, stolen mobile phones have been ranked number 5, and not properly following Quality of Service standards for security measures is ranked at number 6.
Figure 5: Ranking the Impact of Different Threats on Mobile Devices.
Several possible issues can occur because of mobile security breaches such as loss of corporate information, loss of personal information, costs for replacing stolen devices, data corruption due to malware attacks, and various organizational violations. Corporate information loss is indicated as 52%, replacement of stolen devices is 18%, data corruption rate is 16%, organizational violations are 8% and personal information loss is 6%.
Figure 6: Issues while Experiencing a Mobile Security Breach.
Another perspective of the survey revealed that mobile platforms are the biggest security risk for businesses as they have many security loop-holes. Android, the most frequently used mobile operating system in Pakistan, has the maximum security risk indicated at 61%, followed by Windows at 19%. After that comes Symbian, BlackBerry and other mobile platforms at 14%, and Apple iOS has the least security risk standing at 6%.
Figure 7: Security Levels of Mobile Platforms
Mobile phones have also adopted compatibility with file-sharing sites such as Drop Box, Google Drive and iCloud, as mobile users and corporate organizations found it to be an easier medium for file and data sharing. Most organizations act according to their own policies related to access rights and privileges. Some policies allow employees to access and share data on the cloud based on their job roles and responsibilities, whereas other policies restrict any form of data cloud sharing to control the threat of security breaches. According to the study, about 41% of organizations allow their employees to share data on the cloud, 37% of organizations do not give employees access to any such site, and 22% of organizations allow access to employees at a customized level.
Figure 8: Access of Mobile Devices on Cloud.
As is evident from the key findings of the survey, the growth in the usage of mobile devices will mushroom at work places, as more mobile platforms and useful applications continue to approach the market. With constant advances in mobile technology, the challenge of countering mobile related security threats is ever increasing. Organizations must look into developing Mobile Information Security policies and guidelines that maximize the security of their data, network and employees. Adding limitations to the extent of data that can be accessed and shared by different employees based on their roles may also significantly control potential network breaches. It may also help organizations to encourage the usage of mobile applications and platforms that are less prone to security risks. Taking preliminary precautions will end up being the most successful strategy for organizations and businesses in protecting their data and assets against the growing use of mobile technologies.