As small and medium-sized businesses sort through the security implications of the consumerization of IT, solutions providers find business opportunities in vulnerability assessment, policy development and security education.
Value-added reseller opportunities in the consumerization of IT
How BYOD can be an opportunity for VARs
Ideas for mobile device services
Finding your niche in the consumerization of IT
Mobile vulnerabilities fall into two main categories: malware (in the form of viruses or information trackers from downloaded applications) and data loss (through email, the cloud, and lost or stolen mobile devices). Many SMBs understand the risks of employees using personal mobile devices and consumer cloud services, but very few have taken the time to assess the threats specific to their organization, solutions providers said.
"You need to be conscientious and vigilant all the time," said Darrel Bowman, CEO at Mynetworkcompany.com, a Tacoma, Wash., managed service provider.
One of the biggest culprits in mobile security incidents is email, said Michael Farnum, security advocate at Accuvant Inc., a security solutions provider based in Denver. That's because many people still share privileged corporate information via email, he said.
Encryption might protect documents opened and viewed on notebook computers, but similar protections aren't always applied to smartphones and tablet devices. "The major threat is the data propagation on all these different devices," Farnum said.
Most businesses are astonished to discover the volume of sensitive information and intellectual property finding its way onto mobile devices, said Carl Mazzanti, CEO at eMazzanti Technologies, an IT consulting company in Hoboken, N.J. For example, Mazzanti's own smartphone includes more than 5,000 contacts from his address book and customer relationship management applications, along with notes, he said. EMazzanti encourages SMBs that have implemented a bring your own device (BYOD) program to insist that employees use technologies or applications that allow for remote wiping, Mazzanti said. That way, if a device is lost or an employee is terminated, the IT team can take action to remove sensitive data, he said.
There are dozens of mobile device management (MDM) tools emerging to address the consumerization of IT and the different aspects of the mobile security challenge. But organizations probably need more than one of these tools to address specific vulnerabilities, Farnum said.
I think that businesses are going to see evidence of this problem. It is too big to ignore.
security advocate, Accuvant Inc.
Accuvant is working closely with clients to help them better understand mobile devices' specific risks . This will require discussions with both IT professionals and business-side executives who are interested in allowing BYOD, Farnum said. It will also require education. "I do believe that the IT and security teams see this as an issue," he said. "Whether or not the business side is clued is an issue. But I think that businesses are going to see evidence of this problem. It is too big to ignore."
Towerwall Inc., an IT security services firm in Framingham, Mass., works with mobile development management vendors including AirWatch LLC, Fiberlink LLC, Good Technology Inc. and Trend Micro Inc. It offers mobile application penetration and MDM assessments to help businesses determine which approach is best, because no one MDM suite covers the entire range of possible vulnerabilities, said Michelle Drolet, CEO and co-founder.
"What we are being brought in to do is the gruntwork to figure out what the organization needs to do and which technology is right," Drolet said.
One of the biggest current vulnerabilities involves applications that allow documents to be edited, rather than just viewed, on a mobile device, Drolet said. AirWatch and Fiberlink are planning technology updates that address this area, she said. In addition, solutions providers can help their clients shore up their protection by helping them understand which classes of data need to be protected.
"We can stop it from getting to the wrong place in the first place," Drolet said.
About the expert
Heather Clancy is an award-winning business journalist in the New York City area with more than 20 years' experience. Her articles have appeared in Entrepreneur, Fortune Small Business, the International Herald Tribune and The New York Time. Clancy was previously editor at Computer Reseller News, a business-to-business trade publication covering news and trends about the high-tech channel.