It seemed all the world's newswires went into meltdown this week at the exciting news of a pair of new Apple iPhones soon becoming available. But while Apple continues to command a huge share of the growing smart phone market, it is the use of Android phones that continues to expand at the fastest rate.
Analyst firm IDC recently reported that Android had a 79.3% share of the global smart phone market, with iOS second at 13.2%.
While smart phones, tablets and laptops are becoming our 'go-to' devices, creating a boon in productivity, the bring-your-own-device (BYOD) movement is increasing security risk to the corporate network and corporate data.
Employee-owned mobile devices that access corporate resources are outside the control of the corporate IT function. As a result, it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used and the operating systems and applications they run.
In addition, mobile malware is growing rapidly, which further increases risk. Research indicates that malware targeting Android-based devices has increased nearly 500% since last summer. The Android platform is more susceptible to malware because its app market is not as managed and controlled as Apple's is for iOS. While iOS is not invulnerable, this means it is easier to create malicious apps and submit them to the Android market, where unsuspecting users then download these data mining apps and run into problems later on.
Given the lack of even basic visibility across most corporate networks, most IT security teams certainly don't have the capability to identify potential threats from these devices.
But it is vital to gain the information superiority advantage in a mobile world, so IT security professionals must be able to see everything in their environment, understand whether it's at risk, and then protect it. For most enterprises, the right solution isn't to ban BYOD strategies but to implement BYOD policies that clearly define the proper use of employee-owned devices in the enterprise. Here are a few steps you can take to help maintain control of your network.
• First, enterprises can identify technologies that provide visibility into everything on their network - devices, operating systems, applications, users, network behaviors and files, as well as threats and vulnerabilities. With this baseline of information they can track mobile device usage and applications and identify potential security policy violations.
• Second, enterprises can leverage technologies that help apply security intelligence to data so the company can better understand risk. From there they can evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets.
• Third, identify agile technologies that allow the company to adapt quickly and take action to protect systems in rapidly changing mobile environments. IT teams need to be able to create and enforce policies that regulate what data can be transmitted to BYOD users.
• Enterprises should seriously consider implementing Application Control to limit users of mobile devices and desktop systems to 'known good' applications and keep users safe from known bad websites and applications. This effectively reduces the potential attack surface.
• Enterprises that allow mobile devices to be connected to their networks should consider a policy that allows this to happen only if 'approved' anti-malware software is installed on the device.
The rise of the Droid 'army' of smart phone and tablet users will likely be slowed by the sexy new Apple phones, but evidence from past launches shows that Android devices will continue to see widespread adoption and so the headaches will only increase for IT security teams in businesses around the world -- unless they can gain the information security advantage.