Data Loss from Missing Mobile Devices Ranks as Top Mobile Device Threat by Enterprises
New Survey by Cloud Security Alliance Mobile Working Group Outlines Top Mobile Threats
San Francisco, CA – October 4, 2012 – The Cloud Security Alliance (CSA) Mobile Working Group today released findings from a new survey that calls out the specific security concerns enterprise executives say are the real and looming threats as it relates to mobile device security in the enterprise environment. The new report, titled Top Mobile Threats, is a result of a survey of more than 200 enterprise participants representing 26 countries globally. The survey serves as an important first step in a larger effort to provide industry guidance on where enterprises should place their resources and focus when it comes to addressing mobile security threats.
With the rapid adoption of mobile computing, and immediate connection to cloud computing, the CSA established the Top Threats to Mobile Computing research discipline, in addition to the current Top Threats to Cloud Computing, to provide its membership with specific data on how the security community views such threats.
“Personally owned mobile devices are increasingly being used to access employers’ systems and cloud-hosted data, both via browser-based and native mobile applications. This without a doubt is a tremendous concern for enterprises worldwide, “ said John Yeoh, Research Analyst for the Cloud Security Alliance. “The results of this research will play an important role as we set out to develop much needed guidance on where time, talent and money should be placed when it comes to addressing mobile security threats.”
Rank of Top Mobile Threats
- Data loss from lost, stolen or decommissioned devices
- Information-stealing mobile malware
- Data loss and data leakage through poorly written third-party applications
- Vulnerabilities within devices, OS, design and third-party applications. Insecure Wifi network or rogue access points
- Insecure WiFi, network access and rogue access points.
- Insecure or rogue marketplaces
- Insufficient management tools, capabilities and access to APIs (includes personas).
- NFC and proximity-based hacking.
“The results of the CSA Mobile Working Group survey are testament to the security threats that mobile devices introduce to the corporate network,” said Patrick Harding, CTO, Ping Identity. “With more and more enterprises adopting a BYOD model, it is critical that mobile devices adhere to the same corporate security policies as other devices and that proper identity and access management processes are put in place to ensure the security and integrity of the organization.”
The results in the Top Threats to Mobile Computing report, which focused on those threats posed by smartphones and tablets, are intended to aid information security professionals and educate the industry about security concerns. In addition to identifying top threats, respondents also indicated a couple of additional concerns with 64 percent of respondents believing that NFC and proximity-based hacking will happen in 2013. Also 81 percent of respondents believe that insecure WiFi and rogue access points are already happening today. This is of particular concern as the proliferation of mobile devices consequently increases the use of and reliance on WiFi networks.
“The CSA Mobile Working Group findings highlight the threats that experts in the field find to be the most critical. There are few stronger indications of where we should be focused that that,” said Dan Hubbard, CTO of OpenDNS. “As we move further into an era where mobile computing is ubiquitous, we’re seeing an entirely new threat landscape that involves newer concerns like lost devices and rogue marketplaces, but also a heightened level of concern over insecure public WiFi as we rely more and more on access as we travel.”
The CSA Mobile working group is responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point. The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit https://cloudsecurityalliance.org/research/mobile/
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Kari Walker for the CSA