Editor’s Note: This post is a response to EN Mobility Workspace. Please see that post for full context.
A colleague of mine here at Cisco, Jonathan, recently spoke well to the Evolution of Cisco Mobility Workspace Journey. Like all technologies, there is an adoption and engagement cycle based on maturity and risk level. We begin at the device-focused phase with a simple “get me on the network.” Following is the application-focused phase, “now that I am on what can I do with my ability to move around without a wire and work anytime and anywhere.” And the final is the overall experience, which is tailored to the user based on who they are, where they are, what they need or can do. And one can argue the next mobility phase for organizations is IoT (Internet of Things) as more single purpose devices (not necessarily with a user behind it) move to the wireless network.
What is critical to point out is the consistent requirement (not a nice to have) for security as the mobile user experience expands. Why is this so important? According to IDC over 47 percent of organizations see security enhancements required with their mobility initiative. The questions to consider are:
- What are the secure mobility issues today and potentially tomorrow?
- What are the implications?
- What is likelihood of these threats?
The top secure mobility concerns noted by numerous surveys indicate the following:
- Data protection
- Application access
- Lost and stolen device
- Rogue devices
And there is good reason for these concerns. Consider the mobility user behavior that may provoke these issues with 63 percent downloading sensitive corporate data on their personal device at least “sometimes” and 60 percent engaging in risky technology behavior on a device for work activities. Most mobile employees assume IT has them covered.
There is evidence of these concerns being quite real given the threat landscape. A recent Ponemon study indicated 68 percent of mobile devices have been targeted by malware in the last 12 months and mobility will be the biggest threat vector for 2014. The cost for cyber security can be about US$11.6 million per year for organizations. This is not a cost to simply absorb. The Internet is a key source of threats—the recent 2014 Cisco Annual Security Report noted that 100 percent of business networks analyzed have traffic going to websites that host malware. For mobile devices, the Internet is a critical highway to content and engagement.
Examining the financial services market’s point of view on mobility, another Ponemon study sponsored by MobileIron found that there were many priority misalignments and a call for new thinking. In particular, for security to be a baseline competence expected of all mobile IT professionals. This sounds challenging since there is a talent shortage for security skills. But it could be opportunity for mobility professionals!
Mobile & Security IT professionals:
Here is your starting point to learn about Cisco secure access solutions for mobility. Watch a brief video on how three customers secured their mobile environment successfully. Cisco delivers the most complete visibility and continuous protection of mobile devices, applications, and data. Cisco’s security expertise and commitment to security has been clearly demonstrated in significant market leadership and the recent acquisition of SourceFire. Stop by the Cisco booth @ Interop–Las Vegas to see and hear more this week!
You talk about how the Internet of Things will be a threat to security but then go back to concentrating solely on users downloading things! Increasingly more and more focus is on how clients are being attacked as gateway’s into the network and the IoT will only make this trend even worse. As a security professional in the wireless space I find this article doesn’t do more than rehash existing information that is out there about mobile threats. How is Cisco going to address the new threats that come from IoT clients? What are you doing to help secure this obvious next phase of the growth of wireless connected devices? I was hoping for much more than an very light on actual information piece out of this.
Chris–Thank you for your dialogue and fair feedback. You have inspired me to write my next blog on the Secure Access controls ((ink noted in the last paragraph) needed for the first line of defense for the new mobility and IoT threats. These controls are offered over a continuos threat spectrum (before, during and after) I am also glad to hear that you are very familiar with the mobile threats. My experience with others suggest that they are not and many of these stats are relatively new–simply validating the ongoing concern. Thanks again.