There’s a great mobile security worry among IT managers, who believe that mobile devices are the easiest way enterprise data can be breached. But the facts say something very different, writes Galen Gruman, InfoWorld executive editor, in his SmartUser blog. He concludes, “There’s simply no evidence to support this fear. In fact, there’s solid evidence that says mobile devices are not a significant—or even moderate—risk factor.”
Gruman draws his conclusion from data compiled in the Identity Theft Resource Center’s database of personally identifying information breaches. He says that he hasn’t found any mobile-linked breaches in the database for several years, including in the most recent one, the 2016 report.
What does show up, he says, are “Paper records, thumb drives, external hard drives, laptops, hacks into databases and storage systems, and successful phishing attempts.” Gruman adds: “None of the lost, stolen, or compromised devices were smartphones or tablets. That’s probably because encrypted devices need not be reported; they’re presumed safe. iPhones and iPads have long encrypted their contents, and professional-grade Android devices have done that in recent years. In both cases, a simple IT policy can enforce that encryption.”
Gruman also points out that cloud storage services that worry IT, such as Apple iCloud Drive, Box, Dropbox, Google Drive, and Microsoft OneDrive don’t show up in the report, either, although he adds that it’s possible that a lost, unencrypted laptop has been used to get to cloud data accessible to it. But still, he says, “we didn’t see cases of these popular cloud storage services as the specific vector of a data breach—despite frequent IT fears to the contrary.”
As for keeping mobile devices secure, he says that even though no breaches have been reported, it’s a good idea to use a mobile management tool to improve mobile security.
We recommend going even beyond that level of mobile security. You should use a security-conscious tool to build your mobile apps, so that security is baked right into it. With Alpha Anywhere, you can easily implement robust mobile app security to protect your sensitive data. With it, you can add a sophisticated application security system to your web or mobile app running on the Alpha Anywhere Application Server. It lets you track users, groups, and pages to make sure only authorized users see the appropriate data. And, you’ll be able to ensure that your data is only updated and modified by those users with the correct permissions by setting field-level access controls. The Alpha Anywhere security system tests every page and file request to authorize access so that you don’t need to write any code to control access to various resources.
More details about Alpha Anywhere’s sophisticated, robust security
Learn 5 ways to boost mobile app security.
Perspective on IoT mobile app security issues -- improving cars through connected app security.