mcafee mobility&security

8/6/2019 McAfee Mobility&Security

1/12

Mobility and SecurityDazzling Opportunities, Profound ChallengesWritten by Carnegie Mellon University

Dr. David Goldschlag, VP of Mobility, McAfeeMr. Richard Power, Distinguished Fellow, CyLab


2/12

Confidential McAfee Internal Use Only

Report Background

In collaboration with Carnegie Mellon University, McAfee took a hard look at

the topic of mobile security and the consumerization of IT. Mobility andSecurity: Dazzling Opportunities, Profound Challenges, is based on asurvey of more than 1500 information technology and end user respondentsfrom 14 countries and was commissioned by McAfee and produced byCarnegie Mellons CyLab.

The online surveys were administered by international research firm VansonBourne. Businesses in Australia, Brazil, Canada, China, France, Germany,India, Japan, Mexico, the Netherlands, Spain, Switzerland, the U.K., and theU.S., participated in the survey.

We examined the current state of mobile security, some common problemsand offered some recommendations that all businesses and consumers

should consider.

What we found is that there is a serious disconnect between businesses andmobile users. While an increasing number of consumers use mobile devicesfor both business and personal activities, large numbers are not familiar withtheir employers corporate policy on the use of mobile devices.


3/12


Mobility in Twenty-First Century Computing and theConsumerization of IT

Recent advances in computing technology have resulted in greatly

increased speed and storage capacity for mobile computing devices This shift to mobile computing hasnt just changed users personal

lives, it is changing their work lives too. More users are finding thattheir employers are not keeping pace with changing mobiletechnologies.

Apple iPhones, Droids, Apple iPads, and other mobile platforms areinvading corporations worldwide. According to Apples chief operatingofficer, 65 percent of Fortune 100 firms are already deploying the iPador piloting projects, and many analyst firms are predicting an explosionof tablet devices in the enterprise in 2011

According to the Gartner report, Forecast: Mobile Application Stores,Worldwide, 2008-2015, May 18, 2011 (G00212661), 17.7 billionmobile apps are estimated to be downloaded in 2011 (a 115%increase from 2010). By 2012, mobile apps are projected to generatemore than $15 billion in app store revenues from end-users alone.

3


4/12


Security Implications of Mobility in Twenty-FirstCentury Computing

Attacks against mobile devices will escalate in 2011as criminals seek to tap into fragile cellularinfrastructure to access often unencrypted businessand corporate communications.

The contact list on a smartphone containsintelligence on who the company does business

with, including current clients, prospects, criticalsuppliers, influential analysts and reporters, andothers

What if a remote attacker turned a smartphone orlaptop into a tape recorder concealed in plain

sight, and was carried into the enterprise?

Most information is vulnerable, not because

of attacks, but because they are accidentally

left somewhere

June 1, 20114

95 percent of

organizations havepolicies in place formobile devices.However, less thanone in threeemployees arevery aware of theircompanys mobilesecurity policy.


5/12


Lost and Stolen Devices

Lost and stolen mobile devices are

seen as the greatest securityconcern in the mobile computingenvironment.

Loss of a device and the theft of adevice are the two most commonly

reported concerns of users of mobiledevices.

Loss and theft are also the securityissues that worry the most ITdirectors.

Mobile devices are almost

universally used for email, followedby contacts, web access andcalendaring, with 93 percent usingthem for email, 77 percent managingcontacts, 75 percent web access,and 72 percent calendaring.


6/12


Security Policy Versus Mobile Reality

There is a serious disconnect

between policy and reality andbetween policy awareness andadherence. Both IT directors andusers are dissatisfied with the statusquo.

Recognizing that mobile devicespose a security risk, 95 percent oforganizations have policies in place

However, less than one in threeemployees are aware of theircompanys mobile security policy.

Worse yet, fewer than half ofcompanies report that all of theiremployees understand their mobiledevice access/permissions.

6

Four in 10 organizations do not have

a policy on the number of devicestheir employees are allowed to sync.

Four in 10 organizations allowemployees to access the Internetand download mobile apps freely,

using their mobile devices. More than a third of businesses

allow mobile device users to connectto the internal network with thosedevices.


7/12


Glaring Shortcomings of Mobile Policies

CyLab researcher Patrick Tague addressesseveral aspects of the survey results thatunderscore some glaring shortcomings ofmobile security and policy management:

Lack of separation between devices for

personal and business use Overwhelming lack of awareness of

company policies regarding security andprivacy

Apparent unwillingness of the majority of

administrators to pay for mobile securityproducts or services

I was pleasantlysurprised to see thatadministrators areincreasinglyincorporating locationand other contextualinformation into securitymanagement, saysTague. These sorts ofdata provide usefulsupplements to

traditional access controland authenticationmechanismsthat will undoubtedlyimprove usability.


8/12


Types of Smartphones Supported

8


9/12


Location-Based Technology Could Improve MobileSecurity

Respondents offered insights into additional

technologies and services that may play agreater role as mobile computingenvironment evolves further.

More than one in five businesses are usinglocation-based technology and almost half

are considering do so.

I find it disturbing that only 22 percent are

using location now, and that 30 percent arenot even considering it,Martin Griss, Director of the CyLab MobilityResearch Center.


10/12


Recommendations for Mobile Users

10

You are part of a computing sea of change. With devices eclipsing PCs, and

virtually every app device-ready, mobile computing offers you an opportunityto be entertained, informed and connected wherever you are. Use this toyour advantage to be more productive on the go.

Driven by users desire for device choice and employers need for costsavings, individuals are increasingly bringing their own devices to work.

Take advantage of your employers program and use your technology to bemore nimble in your work.

Familiarize yourself with your employers mobile device policy and the intentbehind it, and decide whether it fits your needs. If so, accept the policy andmove on; if not, use two devicesone for personal use and one for work.

Take steps to secure your device. Install anti-theft technology, and back up

your data. Configure your device to auto-lock after a period of time. Dontstore data you cant afford to lose or have others access on an insecuredevice.

Be aware of mobile device threats. In many ways, they are the same as inthe online world. You can be hacked, infected, or phished on a mobile device

just as easily (and often more easily) as you can online.


11/12


Recommendations for Businesses

11

Mobility is ushering a new computing paradigm into the workplace. With

devices eclipsing PCs and virtually every business application beingdevice-ready, mobile computing offers an opportunity to make workersmore productive, competitive, and happy. Mobility done right is a majorcompetitive advantage in the workplace.

Allow, Encourage, and, in some cases, provide a stipend for, employee-owned technology to work.

Enable, secure, and manage employee-owned technology in an optimalway to drive cost savings.

Apply policies in a nuanced, risk-based way that depends on the industry,the role, and the situational context.

Classify data, even at a high level, and apply data leakage processes andmechanisms in order to protect corporate data while respecting usersprivacy.

Apply security and management paradigms from laptops and desktops tomobile devices.

Educate users about the risks and threats through employee agreementsand training.


12/12

mcafee mobility&security

Documents