Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Mobile

2/3/2014
02:35 PM
Marilyn Cohodas
Marilyn Cohodas
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
17 comments
Comment Now
50%
50%

Infographic: Mobile Security Run Amok

Where is your organization in the battle over mobile device management and security?

2014 marks the 10th anniversary of the world's first mobile malware, Cabir. In the decade since, the incidents of mobile malware have increased dramatically. Yet, according to InformationWeek's 2013 enterprise security survey, the majority of security pros still don't have a clue about what devices are accessing their networks.

Where is your organization in the battle over mobile device management and security? Check out the graphical depiction of the research below, then let's chat in the comments about the challenges you face.

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio

Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
2/10/2014 | 8:45:13 AM
Re: No Clue? The 45 percent-- encryption
The data point about encryption is kind of misleading. If 13 percent of respondents say they don't enforce encryption on mobile devices, that means 87 percent do. That seems to me like a pretty good statistic.
IMjustinkern
50%
50%
IMjustinkern,
 User Rank: Strategist
2/7/2014 | 4:03:27 PM
Re: No Clue? The 45 percent
The encryption portion of this is the most astounding part to me ... We've had encryption for email for how long, but it seems too alien a process when the device is in the palm of our hand. Easy encryption on mobile devices lets people use their devices (that they're using anyway) and keeps IT managers from stabbing themselves in the eyes.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
2/6/2014 | 8:04:20 AM
Re: dirty words
Paul -- Why do you think MDM is so underutilized? Cost, effectiveness, technology issues, users?
PaulS681
50%
50%
PaulS681,
 User Rank: Apprentice
2/5/2014 | 8:23:09 PM
dirty words
MDM seems to be dirty words to IT. Mobile devices have been around for some time now and security is still a big issue. Companies adopt BYOD in some form but have no means to manage it correctly.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
2/5/2014 | 1:43:57 PM
Re: Mobility fallout -- encryption
If 13 percent don't enforce encryption on mobile devices using my massive abilities in arithmetic, that means 87 percent of enterprises do enforce encryption. I guess that puts you in the majority, Li.  

 
Li Tan
50%
50%
Li Tan,
 User Rank: Apprentice
2/4/2014 | 7:55:07 PM
Re: Mobility fallout -- encryption
Marilyn, this is not a suprise to me. People are eager to get email access, etc. working on their mobile device. As long as it works, they will not bother to enforce the security rules. I think the best approach for the enterprise would be configuring the system so that no unencrypted/unprotected access is allowed.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
2/4/2014 | 11:57:18 AM
Mobility fallout -- encryption
Anyone surprised that 13 percent of respondents don't enforce encryption on mobile devices that contain enterprise data? 
PeteJW
50%
50%
PeteJW,
 User Rank: Apprentice
2/4/2014 | 7:43:10 AM
Re: No Clue? The 45 percent
Hi Marilyn - Definitely a combination - What I personally consider key is having the management flexibility in  the tools and tech to not only ensure a policy is enforced, but actually deliver the flexibility needed to guide its development -- especially if policies start off too rigid/control-centric and are being ignored.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
2/4/2014 | 6:35:53 AM
Re: No Clue? The 45 percent
Thanks, PeterJW. What are the  "techniques you've seen that are effective in controlling BYOD. Are you speaking of policies or technologies or a combination of the two. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
2/4/2014 | 6:33:00 AM
Re: No Clue? The 45 percent
"The installation process is rather tedious and time-consuming. Furthermore, I do doubt its effectiveness."

That's a killer assessment, especially from someone who is tech-savvy and not your typical end-user/employee. If a tough, unenforceable BYOD policy turns off even the "believers," then mobile security has truly run amok. There must be a better way.
Page 1 / 2   >   >>
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20165
PUBLISHED: 2019-03-22
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
CVE-2019-1716
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability ...
CVE-2019-1763
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exist...
CVE-2019-1764
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the ...
CVE-2019-1765
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permis...