CIO alert: Most believe a mobile breach is inevitable; it’s time to actively monitor data stored on corporate mobile devices

If a device falls into the wrong hands, the impact on a company's competitive positioning, brand and reputation could be severe.
By Manufacturing Business Technology Staff September 11, 2007

More than half of CIOs at top 500 enterprises indicate that technical product data, sales data, and customer details are accessible on company mobile devices, and nearly one-third say company financial data also is accessible, according to a new survey of CIOs.
Many of these devices also provide access to corporate networks. In the U.S., 66 percent of CIOs say they are very concerned about data loss from mobile devices. If a device falls into the wrong hands, the impact on a company’s competitive positioning, brand and reputation could be severe. Not only that, the loss of data stored in mobile devices breaches key regulatory compliance requirements.
Only 12 percent of CIOs reported that they have a total record of the data users store on their devices, so if there is a security breach, companies will not even know how severe it is or what data has been compromised. Yet 6 percent of companies surveyed reported a corporate mobile device was lost or stolen in the past six months. The problem of data loss will only be exacerbated as more users access the corporate network using more powerful devices loaded with more-and more sophisticated-data applications. Enterprises are thus looking for mobile security solutions that alleviate the risks of moving to a higher level of mobile computing.

To find out what CIOs think about the mobile security challenge and how to meet it, mobile device management leader, Mformation Technologies sponsored a survey by independent research firm Coleman Parkes , which conducted 200 interviews with CIOs and telecommunications directors of top 500 enterprises divided across the U.S., U.K., Germany, and Spain.
“The number of mobile devices is reaching critical mass in many enterprises, and CIOs everywhere are becoming aware of the threat they pose to corporate security and compliance,” said Matt Bancroft, CMO of Mformation. “As a result, CIOs are initiating a range of activities, including greater investment in data and system security, in training staff on how to work securely from a mobile device, and in IT monitoring and security systems. But they also recognize that more needs to be done, and are looking to their mobile operators to help provide broader, deeper mobile security than has been previously available.”

No quick security fix
As CIOs become more aware of the risks associated with mobile devices, they are actively looking for ways to improve security. About 84 percent of CIOs surveyed had improved authentication and security systems for mobile devices and implemented basic password protection. Half of the CIOs indicated they are looking for solutions to remotely lock down devices. And fully 60 percent are working with network operators to improve security. The vast majority (80 percent) realizes there is no quick fix for mobile security; instead, they see solving security as something for the long haul.
Arriving at the right solution is only part of the problem, however; it is also important to determine who will be responsible for managing the security solution. The survey showed that 65 percent of CIOs said the IT department should take the lead while 22 percent feel it is the responsibility of the network operators-indicating that a coordinated approach involving both the enterprise and operator would be an ideal way to handle security.
CIOs recognize they need to plan for integrated management and security of a mobile environment that is changing and evolving rapidly, and they want solutions that involve their key network operators. A coordinated solution has operators offering managed services that alleviate the risks of moving to a higher level of mobile computing while giving the enterprise day-to-day control over its valuable corporate mobile assets. CIOs will need to work closely with mobile device management suppliers and network operators to ensure critical corporate data is always secure, even as more and more enterprise employees use mobile devices.