subject: Is Data Protection Really Possible In A Mobile World? [print this page] Mobile computing and BYOD make data protection even tougher
The challenges of data protection in a mobile world
New vulnerabilities
Hacktivists made sensational news headlines in 2011, but their strikes overshadowed a host of other break-ins including Epsilon Interactive, Silverpop, Citigroup, Honda Canada, Lush UK and Lush Australia which showed some clear trends:
Large customer databases are targets millions of stolen records can feed future spear-phishing campaigns and leave big financial scars: the Epsilon Interactive data breach alone is said to have cost the company in billions;
Browsers are targets browser injections, via exploits in software like Adobe Reader and Flash Player, are an effective avenue for malware delivery;
Users are targets using social media to gather personal details for spear-phishing campaigns, often used in APT-style campaigns;
Greater mobility the steep rise in routine use of smart phones and media tablets is further eroding the perimeter;
BYOD (Bring Your Own Device) - and the blurring of boundaries between working and social networking are opening new points of exposure;
Virtualisation Network World warns that decisions to link virtualized environments to cloud-based services also mean coming to grips with new security considerations.
Cloud-based services - another moving frontier on the battlefield with cyber crime.
New risk: environment change
Some of the biggest risks are emerging from how we do business now, such as in the cloud. CIOs and CISOs are starting to see this [the cloud] as a potential enormous risk, said Larry Ponemon after a recent survey by his institute, because the environment is out of their control and they have to rely on the assurances of the cloud providers. Verizon underscores this: Its more about giving up control of our assets and data (and not controlling the associated risk) than any technology specific to the Cloud.
Even so, Gartner predicts that over 50% of the world's largest companies will be storing customer-sensitive data in public clouds by the end of 2016. Gartner also warns about growth in consumerization and cloud computing: The combination of new vulnerabilities and more targeted attacks, Gartner predicts, will lead to continued growth in bottom-line financial impact because of successful cyber attacks."
Perhaps, only the growth in mobile computing and BYOD could cause more anxiety for CIOs than handing over sensitive data to cloud providers. Not only will there be pressure to decide how to protect and manage these [mobile] devices, which are growing as malware targets, writes Network World but, the complexity of this task is magnified many times over because companies are allowing employees to use their own personal smart phones and tablets for business purposes.
In fact, Gartner expects that 80% of organizations will have tablets by 2013 and IDC predicts that at least 50 percent of enterprise email users will rely primarily on a browser, tablet or mobile client instead of a desktop client by 2016. As browsers and web applications are already targets for malware, along with iOS, Android, Windows Mobile and other platforms, mobility poses a real security headache for CIOs.
