• United States

Most businesses don’t enforce mobile security policy

Jan 26, 20062 mins
Cellular NetworksNetworkingSecurity

Enterprises are doing a poor job of securing workers’ handheld devices, according to a report released Thursday by Orange and Quocirca.

The survey of 2,035 IT professionals in the U.K. found that one in five companies that already have wide deployments of mobile devices have no policies in place for mobile security. Of the surveyed companies that do have mobile security policies, more than 60% say their policy is not enforced.

The survey mainly looked at security from the point of view of ensuring that unauthorized people can’t use employees’ devices to access corporate information, rather than examining protection against viruses or other malware.

The study found that 80% of businesses surveyed said that their employees are the main threat to mobile security. But the report’s author says that IT departments have tools that they can use to help secure the devices.

One policy that IT departments should be implementing is remote management capabilities that can help in case a device is lost or stolen, said Rob Bamforth, an analyst at Quocirca and the report’s author. For example, synchronizing the device with back-end servers can ensure that data stored on the device isn’t lost. Enterprises can also implement remote wipe or kill features that delete data or make devices unusable if they are lost or stolen.

Mobile device management should also include a legal aspect if case sensitive data is stolen, as well as insurance for any financial implications of lost data, Bamforth noted.

IT departments should also be responsible for deploying products for securing devices such as firewalls and VPN protection, said Shaun Orpen, vice president of marketing for Orange UK.

Part of the reason that IT departments may not be implementing these security policies is that handheld devices are generally perceived as cheaper, easier to replace and less intrinsically valuable than laptops, said Bamforth. “But of course they could be carrying something of massive intrinsic value,” he said. Such devices are increasingly capable of accessing corporate data.

The widespread use of consumer electronic devices may actually be helping to change the perception of handheld devices in the enterprise, he said. “You could be carrying a very valuable record collection on an iPod, for example, so the expectation of value is going to change,” he said.


Nancy Gohring is a freelance journalist who started writing about mobile phones just in time to cover the transition to digital. She's written about PCs from Hanover, cellular networks from Singapore, wireless standards from Cyprus, cloud computing from Seattle and just about any technology subject you can think of from Las Vegas. Her work has appeared in the New York Times, Computerworld, Wired, the Seattle Times and other well-respected publications.

More from this author