"Users who live, work and play with multiple devices are demanding that banks, governments, retailers and other organizations embrace mobility," said Entrust President and CEO Bill Conner. "Particularly in the enterprise, employees, managers and staff are adamant that mobile devices are essential work resources and urge their companies to realize the full potential of mobile computing."
Supporting this stance, a recent Forrester report, "Mobile Authentication: Is This My App? Is This My User?" suggests more than half of users (52 percent) now rely on three or more devices. In fact, 60% of the devices are used for both personal and business use.
To gain an even better understanding of how mobile perception is changing for IT decision-makers in the enterprise, Entrust commissioned Forrester Consulting to publish a new report, "Mobility Helps Enterprises Enter a New Age."
"While the security of mobile devices continues to fight an inaccurate perception, the reality is quite clear: mobile is more secure than PCs," said Conner.
Despite the growing reliance on mobility, IT decision-makers still incorrectly believe traditional PCs are more secure than mobile devices. Of those who responded, some 71% either somewhat or strongly agreed that desktops/laptops are secure, as opposed to 43% that said mobile devices are secure.
"While mobile devices are technologically more secure than traditional PCs, decision-makers view mobile devices as insecure because of media reports and the small size and personal nature of the devices," stated the January 2013 study.
Understanding Media Reports
Consumers and enterprises alike can be swayed by misguided media reports. Some educated concern about mobile security is rational, but mobile-based attacks to date are only gaining access to photographs, contacts, calendar items and SMS capabilities, the latter being the most concerning.
For example, SMS-based malware Zitmo, and its variants, demonstrates how SMS redirection can exploit Android-based mobile devices for illegal financial gain. Another example, known as premium-rate fraud, leverages SMS-based malware to actively make money for the attacker by having the target Android device automatically text a SMS pay service.
Because of end-user comfort and trust in text messages, SMS-based malware should not be underestimated. It's strongly advised that organizations only deploy mobile security solutions that do not rely on SMS-based security controls, including SMS OTPs, for sensitive or high-risk transactions.
Despite media reports on mobile devices being unsecure, mobile OS architectures offer a level of security that is above desktop operating systems. Desktop malware -- performing malicious app-to-app process migration, native keyboard key-logging and Zeus-style memory-hooking -- is not being found in mobile malware samples. Plus, specific mobile vulnerabilities usually have a short lifespan.
As for Android, malware usually only targets specific hardware, firmware and OS versions, which greatly reduces the viability and lucrativeness of large-scale infections.
Why are Mobile Devices More Secure?
It's based on a multilayered approach that's core to development of mobile operating systems. Applications installed on mobile devices are digitally signed or thoroughly vetted. Legitimate applications also are sandboxed, meaning they can't share or gain access to each other's information -- an important trait that helps defend against advanced mobile malware.
The strength of mobile platforms is further augmented by third-party security capabilities. Solutions that offer digital certificates, embed seamless OTPs, or provide application-specific PIN unlock options further bolster device security.
Mobile Perception Changing in the Enterprise
The innovation in mobile security solutions could be the catalyst for the changing perception in the enterprise. According to the Forrester study, enterprises are investing more in mobile, and are making mobile security a high or critical priority in 2013.
This is an important shift as the true power of mobility isn't yet being realized. The use of mobile capabilities that actually increase security or streamline business -- mobile commerce (10 percent), partner/supplier applications (12 percent) and customer-specific applications (14 percent), for example -- is decidedly lower amongst responders. Once mobile devices are properly secured, leveraged and managed, more and more enterprises will embrace mobility as a standard business component.
"It's promising to see enterprises beginning to appreciate how mobile devices, and related applications, streamline business, increase security and defend against targeted attacks," said Conner. "This shift is made possible by an important convergence of consumer technology, business enablement and identity-based security."
The commissioned study found that 60% of firms, in 2012, indicated that creating a comprehensive mobile and tablet strategy for their employees was at least a moderate priority. Even better, 54% of enterprise IT decision-makers are increasing their mobile investment in 2013. Responders cited improved flexibility over tradition authentication (68 percent) and the ability to adapt to threats (64 percent) as primary reasons behind their new mobile policies.
In contrast, the study found that 50% of enterprises have implemented, but are not expanding, very basic access to email and calendars from mobile devices. Of those same responders, access to network systems (42 percent) and supporting collaboration (36 percent) marked other accepted use cases. Those findings dip when enterprises that haven't implemented those capabilities were asked if they planned to do so in the next 12 months.
Secure Mobile, Leverage Mobile
To effectively mitigate risk, enable true efficiency and satisfy customer expectations in the mobile environment, organizations must ensure mobile devices and related identities are secure -- but in a way that minimizes user barrier and frustrations. Once secured, organizations then have the opportunity to leverage mobile devices to actually improve security in other parts of the business.
"Mobile devices are broadly adopted; once secured, people can increasingly use them for strong desktop and online security as well," the study stated. "Mobile-fueled security is on the rise and holds the promise of increased ease of use, flexibility and security. To secure these transactions, decision-makers can leverage a variety of technical and security capabilities to meet the trust and security needs of diverse use cases."
With the growing dependence on mobile devices to execute business operations, organizations are urged to provision solutions that not only address security needs, but also ensure the mobile experience is simple and unencumbered.
To help organizations better leverage mobile technology, Entrust solutions authenticate mobile devices connecting to a network, encrypt and digitally sign mobile email communication, embed identity protection into mobile applications, and monitor transactions to detect fraudulent or unauthorized activity.
To download the Forrester Technology Adoption Profile commissioned by Entrust, or learn more about proven mobile security solutions, visit entrust.com/mobile-perceptions.
Tweet It: Perception Versus Reality -- Industry Trends, Research Confirm Mobile Devices Can Be More Secure than PCs
This Technology Adoption Profile was commissioned by Entrust. To create this profile, Forrester leveraged its Forrsights Budgets And Priorities Tracker Survey, Q4 2012, Forrsights Hardware survey, Q3 2012, Forrsights Workforce survey, Q4 2012, Forrsights Workforce survey, Q2 2012, as well as its Forrsights Security survey, Q2 2012. Forrester Consulting supplemented this data with custom survey questions asked of 50 senior technology decision-makers in North American companies with 2,000 to 10,000 employees. The auxiliary custom survey was conducted in January 2013.
A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust's award-winning software authentication platforms manage today's most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email [email protected] or visit www.entrust.com.