The torrent of smartphones and tablets entering companies has created some interesting challenges for security managers. The new devices introduce new operating systems, new development environments and new security risks, but no new control. The scariest acronym in security might well be "BYOD," or "bring your own device." As companies develop security and mobility strategies to deal with these devices, it is worth bearing in mind the lessons learned from managing laptops. But it is also worth applying some of the new lessons from smartphones on the laptops, too!
To get a better understanding of the state of security in the mobile world, we (at Nemertes Research) asked IT executives to tell us about how they secure mobile devices and laptops. To make things interesting, we first asked about "mobile device" security and then followed up by asking about laptops. Now, you may be thinking that laptops are mobile devices and therefore we simply wasted a couple of questions asking the same thing again. Turns out that companies treat laptops very differently than the way they treat mobile devices (i.e. smartphones and tablets).
[ InfoWorld's Galen Gruman says forget the free coffee -- employees really, really want an iPhone. | Also check out our comparison of mobile security: iOS vs. Android vs. WebOS vs. the rest. | Stay ahead of advances in mobile technology with InfoWorld's Mobile Edge blog and Mobilize newsletter. ]
MORE ON SMARTPHONE SECURITY: Smartphone security follies: A brief history
Both types of devices have some common security controls, namely device encryption (HDD and media) and VPN capability. But from there, they diverge. Smartphones and tablets are mostly protected against theft. Companies apply security controls such as "wipe and lock," GPS tracking and GPS fencing to control the data and location of the device. On laptops, meanwhile, the top security controls were anti-malware and firewalls, protecting the devices from network and application attacks.
Why the discrepancy? Companies own the laptops but users own the phones and tablets, in general. But if you look carefully at the data, even those differences do not explain the disparity in security controls. Why are there so few network and application controls on mobile devices? Why are there so few anti-theft controls on laptops? Why no "wipe and lock," GPS tracking and fencing? More and more laptops ship with GPS and 3G/4G, and more and more attacks target networked smartphones and their applications.