The Black Hat USA conference takes place next week. If it's anything like RSA and Interop, there will be a fair amount of discussion about BYOD and mobile device security. Yup, a lot of hype but this is a topic worth discussing as nearly every enterprise organization and CISO I speak with is struggling here.
Why the difficulty? In a recent ESG Research survey, we asked 315 security professionals working at enterprise organizations (i.e. more than 1,000 employees) about their most difficult mobile security challenges. Here's the problems they identified:
- 48% said: "enforcing security policies for mobile devices"
- 46% said: "lost or stolen devices containing sensitive data"
- 46% said: "sensitive data confidentiality and integrity protection when accessed or stored on a mobile device"
- 41% said: "threat management on a mobile device"
- 41% said: "supporting new device types"
- 40% said: "creating security policies for mobile devices"
What's interesting here is that there is a laundry list of problems. In other words, there isn't one or two big issues and a lot of little nits but rather a number of equally challenging problems. The other thing that stands out is the variety of problems at hand so you can't just address mobile device security with an MDM, DLP, or anti-malware solution. You need the whole enchilada.
Mobile device security appears to be the Wild West at this point -- chaotic, lawless, and unknown. Vendors like Good Technology and MobileIron have established a leadership position but we are just scratching the surface around what's needed here. That's why endpoint security leaders like McAfee, Symantec, and Trend Micro as well as network security vendors like Check Point, Cisco, and Juniper are all making a play here.
The ESG data reveals that users certainly need help but given the extent of the challenges they face, security technology vendors should think about education, managed services, and professional services for mobile device security and not just pushing software SKUs through the channel.