Evaluating Your Mobile Deployment Risks

Alex Manea


May 1, 2015

mobile risks

Employees increasingly recognize the benefits of working anywhere, anytime via their mobile phones, leaving companies scrambling to keep up with the demand to access corporate information on a variety of devices. As the complexities of managing mobile devices increase, however, so do the risks of a significant data breach.

According to a BlackBerry study of individuals responsible for governance, risk and compliance at more than 1,000 companies, the top enterprise mobility risks are: loss or theft of devices that contain unprotected, sensitive data; use of unapproved applications or cloud solutions; and inadequate separation between work-related and personal use of a device. These threats are real, with 59% of respondents indicating that the number of data breaches their organization has experienced via mobile devices has increased in the last year. But the study found a significant gap between the risk factors and the actions taken to mitigate them. In fact, 70% of respondents said they are more tolerant of risk than they should be.

Organizations know they need to re-evaluate their mobile security strategy, but 58% of survey respondents admitted that they were not well-versed in mobility risk factors. A lax mobile strategy can cause significant reputational damage as well as financial penalties and loss of revenue—the Ponemon Institute’s “2014 Cost of Data Breach Study” found that the average cost of a data breach in the United States is now nearly $6 million. The bottom line is that a mobile deployment strategy needs to be discussed and managed at the top levels of every organization.

Mobile technology requires a careful balance between serving the needs of your users and minimizing the risks that could lead to data breaches. As you evaluate your current mobility solutions, six key areas must be considered:

1. Security. While security ranked high on the list of factors companies used to evaluate enterprise mobility platforms, there are still many organizations that do not know the right way to determine if a vendor’s security protocols meet their needs. This is crucial to understand in order to make sure your confidential data is protected and ensure regulatory compliance.

2. Productivity. Most enterprise mobility strategies cite productivity gains as a primary objective. When looking to put security measures in place, be sure they allow your users to work effectively, otherwise they will find ways to get around them.

3. Procurement. Different business functions should have input into decisions around mobility strategy, not just the IT department. When considering bring-your-own-device (BYOD) options, for instance, you may need to involve the legal and human resources teams. Security and risk managers should also be involved in the procurement decision.

4. Cost and risk. Be sure your total cost of ownership calculations also include additional costs that could arise, such as upgrades, technical support and replacements. When dealing with vendors, take into account the risk each one introduces. Remember that security is only as strong as its weakest link.

5. Compliance. Determine which industry regulations apply to your company’s mobile technology deployment. Compliance is becoming very difficult as governments impose additional regulations and consumers adopt new technology at a faster pace than IT can react.

6. Analytics. Analyzing the data on mobile devices may be crucial in case of a fraud or insider trading investigation, data breach, or if key employees leave the company. Major industry regulations like Sarbanes-Oxley and HIPAA also include user data logging as part of the core requirements.
Alex Manea is director of mobile security at BlackBerry.