Billions of Dollars in Security Efforts Rendered Moot

Wednesday, November 17, 2010



More evidence that convenience trumps security?

A report released by mobile technology vendor iPass reveals that nearly one quarter of employees surveyed admit that they regularly disregard security measures meant to protect sensitive data by accessing corporate networks on non-approved mobile communications devices.

Almost an equal number of those queried indicate they have experienced some form of data loss via mobile devices.

"Un-provisioned smartphones are a significant risk to enterprises. 20% of these mobile employees have experienced a relevant security issue with their smartphone containing business data lost, stolen, infected or hacked," said senior vice-president marketing and product management at iPass Steven Wastie.

The issue is further compounded by the revelation that only one-third of companies have so-called smartphone policies in place.

So, while billions of dollars are spent annually to protect proprietary information on corporate networks, the efforts are being regularly undermined by both a lack of leadership from enterprise security managers and outright laziness on the part of employees.

The problem of convenience trumping security measures is not isolated to the use of mobile devices, as any good security analyst will attest.

Stories abound of employees using non-complex passwords that can be cracked by hackers, or simply writing them down and leaving them where they could easily be discovered.

The problem does not rest on the shoulders of employees alone, as the impetus is on management to create clearly defined security policies and to make the necessary investment in employee education and awareness to ensure the policies have the intended effect.


Possibly Related Articles:
PDAs/Smart Phones
Data Loss Enterprise Security Mobile Devices Smart Phone Headlines
Post Rating I Like this!
Derrick Buxton I think the answer is blocking access to the corporate network from any non approved device.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.