In today's Whiteboard Wednesday, Saj Sahay talks about the top 5 challenges in securing mobile devices. With the bring your own device (BYOD) trend growing, it is important to protect your employees' mobile devices and the exchange servers that access company data. Watch this quick video to learn how to secure your devices.
For more information on this topic, check out a recent webcast we recorded around mobile device security!
Video Transcript
Hi everybody. My name is Saj, and I am the Senior Director of Marketing here at Rapid7 in the mobility business. I want to welcome you to another great Whiteboard Wednesday. Thanks for joining me today. Today my big challenge is to go through with you the top five challenges of securing mobile devices.
Before I start with that, I just wanted to maybe just step back a bit and talk about why this is important. This kind of all started with the advent of bring your own devices or BYOD. It started several years back, and now more than 80% of employees in most organizations own their own devices and bring them and use them for either work or personal reasons. So it's a pretty pervasive issue.
One of the byproducts of this BYOD phenomenon has been the increase in security risk to the organization. So really today is all about understanding the key issues that come up with the security risk and how best to secure these devices and why it's an issue.
Let me first start off with point number one, which is multiple devices and multiple platforms. Most of you remember that BlackBerry was the dominant smartphone just several years back, and that all changed when the iPhone came around. Since then, there's been Android and now Windows Phone. So there's been a wide growth in terms of diversity and different SKUs of devices available, as well as tablets as well. So now you have the ability to buy many, many different kinds of smartphones and tablets, and securing all these different platforms becomes very, very difficult as well. So that's point number one, which is multiple platforms, multiple devices, and as a result much more complexity in terms of managing the risk.
Second comment is really around controlling user behavior. I mentioned that 80% of employees are using their own devices. Well, trying to control what they do is relatively impossible, if not futile. These guys want to be able to do work. They want to be able to do play on their own time, and they're trying to be as productive as possible in their lives. So trying to control that behavior becomes very, very difficult, if not impossible. So creating a situation where you have the ability to actually manage this risk but still enabling the freedom for the employee is very, very important.
Point number three: stolen, lost or forgotten devices. Did you all know that the number one electronic good that's being stolen these days is actually a smartphone? It is such a hot commodity that a lot of thieves are looking for it because there's a huge resale value for it. Add that to the fact that employees also are using smaller and smaller devices than before, and they're getting lost or misplaced because they're so easy to do so. Or for that matter, the replacement cycle of these devices is going higher and higher. It used to be two years several years back. We're at almost less than a year now. So you've got people stealing them, you've got people losing them, and you've got people replacing them, and as a result you've got a whole bunch of unused or still devices out there you know nothing about as a security manager in a company. So that's point number three.
Point number four. Well, this is actually a very important point, which is very different than the PC business that most of us are used to. We all know about Patch Tuesday, which Microsoft kind of implements on the PC world. Well, that can't happen in the mobile device world, and you know why? Because it's not just the OS provider, who is actually creating the new OS. It's now you have to be integrated with the software on the actual device with the OEM who makes the device, and then ultimately it has to be given to the carrier who owns the relationship with the customer to both test the device and then also eventually deploy it out for the employee. Most importantly, the employee has to be the one that actually has to implement the patch. So you add all these pieces together, and it creates a situation where you have months to actually update devices, not just weeks or every month like the Patch Tuesday that Microsoft implements. So that's another big complexity that exists in the mobile world.
And then finally, and this is a statistic from the Ponemon Institute, this is 2012 data, so this is very, very recent data. Only 35% of companies have actually enacted usage policies with their employees. So a majority of folks understand that this is a very big risk, because there are so many more people coming in with their devices, but they actually are either unaware of how to do so or have not done so at this point. 65% of companies have not enacted usage policies. So now you have a situation where people don't really know what to do. Most employees want to do what's right, but unless they're actually given some direction, they actually can't do it.
You add all five of these together, and you come up with the top five challenges with securing mobile devices.
Thank you. It was great to be with you for another Whiteboard Wednesday.