informa
Quick Hits

Tablets Require More 'Sophisticated' Security

Forrester Research report finds tablets all the rage, while mobile security lags
Nearly 70 percent of enterprises plan to write mobile apps for tablets and similar mobile devices this year, but mobile security remains mostly an afterthought even amid the onslaught of iPads and other tablet devices, according to a new report by Forrester Research.

Forrester says the tablet and related mobile app explosion requires security departments to "get ahead of the curve" and be more proactive in crafting the enterprise mobiles strategy -- including risks, policy, auditing, and management technologies. "Ultimately, if a mobile implementation is to succeed, you must fight to have it take place with security first and foremost on the agenda," says the report, authored by Forrester analyst Chenxi Wang.

About half of enterprises require password-protection for mobile devices, and about 40 percent use device-loss protection tools, according to a Forrester survey last year of 1,033 IT decision-makers. Device encryption is used in 30 percent of the organizations; strong authentication, in 12 percent; and data loss prevention, in 10 percent. Some 37 percent had implemented antivirus; 34 percent, Web security; and 31 percent, application control.

A Q1 2011 survey by Forrester of more than 1,000 IT decision-makers found about half running wireless email and electronic calendar mobile apps, and 27 percent with network and systems management alert apps for their mobile devices. Less than 10 percent had customer-facing and salesforce apps installed as well.

Tablet and tablet apps require more advanced security than other mobile devices since these devices will be used for data-intensive tasks and are more likely to store sensitive information, Forrester says.

"Mobile application development is a relatively new field. Few development organizations have the expertise to master the nuances of mobile architecture and its security implications," the report says. "Commercial technologies for securing mobile application code are emerging and not yet mature. Vulnerabilities in the mobile code, flawed application architecture, or improper handling of credentials can lead to embarrassing data breaches, network intrusions, or endpoint attacks, as Citigroup found in July 2010: One of its eCommerce iPhone apps was saving user credentials in a plain file on the phone. To mitigate risks associated with mobile applications, security professionals should follow best practices when collaborating with the development organization as the enterprise moves ahead with a mobile app strategy."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading: