Disaster awaits mobile device use

Local companies are exposing themselves to major vulnerabilities as they still do not have control over data sitting on employees' mobile devices.

So says Garth Hayward, regional manager, Africa, at Kaseya, commenting on the findings of the ITWeb-Kaseya Managing Mobile Connections Survey, which ran for a fortnight on ITWeb Online, attracting a total 223 responses.

Last year, Kaseya and ITWeb ran a similar survey, which also discovered that the majority of South African organisations (43.94%) were overlooking data control.

This year, almost half of the respondents (49.75%) revealed they do not have control over data movement between mobile devices and local data. Only 23.86% said they have control, while 26.4% were unsure.

Hayward says this is an issue that needs to be addressed with urgency before disaster strikes. “Clearly there is a lethargy in this not being addressed; it has serious legal and audit compliance consequences which need to be managed. It seems to me that it will take a published disaster to act as a call to action, and that's unfortunate.”

Though the control of data flow is lacking, the study, however, discovered that, in the majority of organisations (43.27%), more than 81% of the workforce use mobile devices such as cellphones, tablets and laptops for business use other than basic calling and SMSing.

The figure was distantly followed by 14.9% who revealed that only 20% or fewer of their employees use these devices.

According to Hayward, there are three main contributors driving the use of mobile devices for business.

“Firstly, the ease of access and integration to mail and corporate systems are now available; secondly, the increase in productivity and coverage afforded by 3G data networks, so as not having to be in a set location such as an office to access information; and thirdly, the cost savings in travel and time,” he explains.

On security, Hayward says: “The gadgets need to be managed as you would any device authorised to access corporate data; in addition, companies need to have a set policy and procedure in place if the device is mislaid. Locating, tracking and wiping the data remotely are critical functions.”

He also points out that the security of a company's information is of paramount importance and there should be strict policies that govern this. “This extends to access, virus and malware protection, provisioning and recovering data on these devices.”

The survey also asked the respondents to rate the impact to the business in the event of a remote or mobile device being compromised. This was done on a scale of one to five - one being no impact and five being a very large impact. Most businesses (32.21%) gave it a three, followed by 29.81% who gave it a four, and 18.75% who gave it a five.

The biggest concern regarding the use of mobile devices for business is data leaks, as cited by 45.19% of respondents. Data loss (37.5%) is another thorn in the flesh.

Asked to describe the nature of remote access in their businesses, the majority (66.83%) said messaging.

The study also determined that to ensure business data on mobile devices remains secure, the majority (59.13%) use user access control. On the other hand, 37.5% trust secure, encrypted network traffic, while others use data encryption (33.65%), device monitoring (24.52%), and intrusion detection (16.83%).

Most enterprises (32.49%) use the BlackBerry Enterprise Server to manage mobile devices, while 27.41% do it manually, and 24.37% do not manage the devices at all.

Another interesting finding was that a lot of organisations (66.83%) do not allow their employees to use mobile devices to capture customer orders or information.

Commenting on the overall findings, Hayward says he was taken aback by the results. “Comparatively, not much has changed in 12 months and this shows avoidance by companies in both taking advantage of the great benefits of using these devices and managing the risk associated in their use.”