According to a recent survey of Linkedin Information Security Community members about BYOD and mobile security, IT professionals seem to be cautiously optimistic about their ability to manage and secure mobile devices. However, a closer look reveals that organizations may be in more trouble than they realize.

Leading responses to the question about the negative impact of mobile security threats are troubling, as they seem to suggest a lack of understanding or concern about mobile security by a large percentage of IT professionals:

  • Additional IT resources required: 30 percent
  • Don’t know: 27 percent
  • None: 23 percent

Survey respondents were also asked what tools they are using to secure and manage mobile devices:

  • Mobile device management (MDM): 43 percent
  • Endpoint security tools: 39 percent
  • Network access controls: 38 percent
  • Endpoint malware protection: 30 percent
  • None: 22 percent

Because multiple answers were allowed, some respondents could be taking a “defense-in-depth” approach to mobile security. Still, the emphasis on MDM suggests that IT professionals may not be considering the bigger picture.

Mobile security most commonly begins with MDM, which involves the deployment, monitoring, integration and support of both company-owned and user-owned mobile devices in the workplace. While MDM enables organizations to optimize mobile performance and protect sensitive corporate data, MDM is just one part of the security equation.

Savvy organizations are focusing less on protecting mobile devices and more on protecting the data that is accessed, transmitted and stored by those devices. An increased reliance upon mobile applications has also placed greater emphasis on application security, especially in bring-your-own-device (BYOD) environments.

The focus on data protection has led to a shift to mobile application management (MAM), a more user-centric approach that emphasizes the administration and configuration of software and applications on mobile devices. MAM enables improved security and easier separation of company data and user data. It also provides the flexibility required to get employees to embrace mobility initiatives without compromising security.

Another emerging trend is mobile content management (MCM), which focuses on providing secure access to company data on mobile devices. MCM includes file storage, file sharing and identity management tools. Secure data storage containers are often used to house the most sensitive corporate data and applications that are downloaded to user mobile devices. “Containerization” enables IT to focus on securing a specific compartment within a device instead of the entire device. It also allows users to maintain full control over their devices without putting corporate data at risk.

The key to mobile security is striking the right balance between security and user acceptance and productivity. You must enforce security policies that ensure the use of best practices by authorized users and prevent intrusion by unauthorized users, but it does no good to have a BYOD policy if it requires IT to completely take over employee mobile devices. Mobile security must account for the needs of both the organization and its employees, and new tools are emerging to help accomplish that goal.