The latest figures from Gartner report an 8.6% fall in PC sales in the last three months compared to a year ago as people continue to move away from laptops and PCs, towards tablets and smartphones.
Of course the PC is not going to be replaced completely in business. But such is the power and flexibility of today's mobile devices, and the willingness of businesses to embrace the often-hyped 'Bring Your Own Device' movement, that means we as users are making more and more use of mobile devices not just to watch funny kitten movies, but also to do our 'normal' business day-to-day.
Gartner suggest sales of tablets will grow by 70% this year, and smartphones will break the two-billion-unit mark by 2017.
However, this trend whilst convenient and ultimately flexible for many puts huge pressures on those of us in the security industry that have to protect these increasingly business critical devices and the data they may contain while they are mobile and outside the sanctuary of the corporate network.
Of course the bad guys out there recognize this transition and are already targeting mobile devices. Android malware is already widely seen and while Apple iOS is very secure, it has had vulnerabilities, and of course any mobile device can potentially deliver malware into an organisation when accessing the extended corporate network.
Ultimately adoption of mobile devices in the workplace presents a challenge that is as much a question of policy and control as it is of technology alone.
Security of mobile devices is a question of three phases:
• Before - establishing control over how mobile devices are used and what data they can access or carry
• During - Visibility and intelligence is vital if security professionals can hope to identify the threats and risky devices and monitor their activities on the corporate network
• After - when the inevitable happens and the network is compromised by a threat, this is the ability to retrospectively review how that threat entered the network; which systems it interacted with and what files and applications were run to ensure it can be cleaned up as quickly as possible.
So rather than feeling threatened by mobile devices, here are a few technology steps you can take to help maintain control of your network.
• Enterprises can approach this by first, identifying technologies that provide visibility into everything on their network - devices, operating systems, applications, users, network behaviors, files as well as threats and vulnerabilities. With this baseline of information they can track mobile device usage and applications and identify potential security policy violations.
• Second, enterprises can leverage technologies that help apply security intelligence to data so you the company can better understand risk. From there they can evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets.
• Third, identify agile technologies that allow the company to adapt quickly and take action to protect systems in rapidly changing mobile environments. Corporates within the enterprises need to create and enforce policies that regulate what data can be transmitted to mobile and BYOD users.
• For employee-owned devices, it may be useful to lock down your organization's network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their tablet while travelling. While they may not be able to limit the installation of an application on the device, they can prevent it from running on corporate-owned computers.