Modern mobile devices are a staple technology in almost every enterprise environment. From tech to defense, our reliance on smartphones, tablets and other mobile devices can’t be understated. As we do more and more outside the office, security challenges for mobile devices also evolve. These challenges evolve almost daily, meaning meeting security challenges is that much harder.
Let’s explore some of the security challenges in mobile devices. Hopefully, by the end of this article, you’ll be more aware of the threat landscape and the inherent difficulties in managing mobile devices from a security perspective.
-- Article Continues Below --
Read the complete guide on securing data for mobile devices
While you can do quite a lot to tackle the risks inherent in mobile devices, the one variable that often evades control is the end-user. This is by and large one of the biggest security challenges in mobile devices.
52% of device network attacks, according to research done by Check Point in 2020, fall in the phishing category. Social engineering attacks like this are a cause for concern. Not just because they make up a huge portion of attacks on mobile devices, but it's often a threat that is left squarely to the end-user to avoid. This essentially creates an inherent weak point in any mobile security policy.
It’s not just the end-user, either. While enterprise organizations can implement mobile security policies and mobile device management strategies, they often don’t. In fact, 40% of companies surveyed by Verizon claimed that mobile devices posed the most significant security risk. Sacrificing security is a common trope.
It's easy to overlook our dependence on mobile devices in company networks. To adapt to a modern threat landscape, end-users, IT administrators and management need to all be on the same page regarding mobile device security.
When it comes to developing robust security policies around mobile devices, organizations do have options. More often than not, though, these options operate on a spectrum with flexibility and convenience on one side and security on the other. For the best results, security-minded enterprise organizations will often opt for a corporate-owned personally enabled (COPE) or corporate-owned business only (COBO) policy toward mobile device use in the workplace.
In both of these options, end-users will use a corporate device that gives IT administrators the most control over what’s happening on the device. Even so, threats still exist within this framework that often gets overlooked. Take public Wi-Fi, for example. In large urban areas, it's a pretty common convenience to jump on and off public networks throughout the day.
Any way that you cut it, public Wi-Fi presents a huge risk for data security. Kaspersky studied data from over 32 million Wi-Fi hotspots around the world and found that around 25% used no encryption whatsoever. In many of these cases, it's up to the end-user to parse what’s secure and what’s not. Moreover, if those end-users don’t understand best practices for mobile device security, they are essentially walking blind in a risk-dense environment.
As we travel through the world, we’re all leaving a digital trail of breadcrumbs in our wake. This data trail is what big names in tech like Apple and Google use to feed their marketing research algorithms. Applications like Chrome or iCloud build these services right into the software. We call this data leak digital exhaust — and it's becoming quite a challenge for securing mobile devices.
Data loss via synchronization comes in many different forms. Remote synchronization happens when automated services send data to cloud-based storage systems. This can be through a backup or just sending data to Google without your explicit permission. In most cases, you’ll need to “opt-in” to these features, but most users don’t understand the risks inherent in automatic synchronization and digital exhaust.
One big example is the leaking of locational data in the military. Something as innocuous as a fitness app presented a significant risk to the location of top-secret bases across the world. In this instance, it was running heat maps linked to fitness trackers and an application called Strava. When military personnel went on runs around the base’s perimeter, this information was made publicly available — essentially giving away the base’s location.
Let’s take a look at some common security threats that face mobile devices in the modern world. We’ve already taken a peek at a few of the biggest threats. Unfortunately, though, you’ll find an evolving list of threats that will constantly need your attention if security is a prime concern:
These are just a small selection of the threats that face mobile devices. To stay vigilant, security policies need to adapt to the ever-changing landscape. But that’s only half the battle. Education is also a huge factor in keeping your team safe and secure.
While teams can do quite a bit to lock down security from an enterprise perspective, some things are out of organizational control. We’ve already addressed the end-user perspective, but let’s explore what it looks like from an app development perspective.
Security is always a balance. In almost every case, you sacrifice flexibility and convenience for security. So, do you think app developers are going to take away convenience to secure their apps? Of course not. Convenience and productivity are the names of the game. Unfortunately, security is often left out of the conversation.
We can even extend this idea to mobile devices themselves. Do we use laptops, tablets and smartphones because they are more secure? Again, we don’t; we use them for their convenience. To adopt a security perspective means shifting the culture of risk management in an enterprise setting. It's no longer an option to ignore mobile device security.
Modern problems require modern solutions. With Archon Mobile, end-users operate within specialized “personas” that are essentially disconnected from the underlying technology stack. What this does is allow for end-users to operate their devices just as they would regularly but without opening up vulnerabilities.
Our approach is fundamentally different from other security measures and enterprise policies. We wanted to tackle the security challenges in mobile devices head-on. Our system is built from the ground up to meet the most stringent commercial solutions for classified (CSfC) framework while still presenting an easy-to-use mobile experience for end-users.
Our platform combines the best qualities of convenience without sacrificing security. To learn more, make sure to reach out today!