More than half - or 56 percent - of Australian organisations surveyed by Forrester Consulting on behalf of Unisys reported that security continues to be of great concern when allowing employees to access business data via a smartphone or tablet in the workplace.
And 61 percent of organisations surveyed for the 2012 Australian “Consumerisation of IT” study cited implementing or improving mobile security as a top mobility priority next year, while the majority of respondents – 66 percent – said that their focus would be on deploying password-based authentication for mobile users.
However, according to John Kendall, Security Program Director, Unisys Asia Pacific, fewer are considering more sophisticated security measures, and only 18 percent are considering token-based authentication, with 15 percent considering biometric-based authentication.
“A truly effective security approach requires a combination of strong policy and technology as well as the means to enforce both.
“The risk of a data breach via compromised passwords is higher in a mobile environment because mobile devices can be easily lost or stolen. Unisys recommends that organisations consider multifactor authentication, where the employee is identified not only by ‘what they know’ (a PIN or password) but also by ‘who they are’ (a biometric such as a fingerprint or face scan) to protect sensitive assets.”
According to Kendall, security policies are only effective if employees adhere to them, and he points to the research which revealed that while almost 90 percent of Australian organisations have security policies in place, nearly half of them admitted that they lacked the tools to implement or enforce security policies.
The Unisys study also found that, at the same time, only 64 percent of surveyed employees said they were aware of their company’s security policy, leaving 36 percent who were not. “Those uninformed workers could unintentionally breach the company security policies. In addition, 6 percent of Australian employees say they sometimes ignore or work around their company’s security policies,” Kendall said.
Kendall said the research also exposed a potential security risk in the recent phenomenon of employees using BYO apps, with 42 percent of Australian employees admitting they had downloaded unauthorised mobile apps or PC software for work.
“BYO apps bring a two-fold security risk: sometimes easily downloadable apps can be malicious vehicles for network breaches and data theft. To avoid negative consequences of employees’ using unauthorised software, organisations can create a company ‘app store’ that contains approved, secure software – either developed internally or purchased from a third party – to safely provide employees with the capabilities they need to do their work productively.”
Kendall also suggested that rather than rely solely on controlling access to data, organisations should consider securing the data itself via encryption. “That way even if the wrong people gain access to where the data resides, they still can’t read the data,” he said.
“The good news is that today’s mobile world is necessitating – and enabling – sophisticated new approaches to security. For example, attribute-based access control is an emerging technology that grants access based not only on the nature of the data and the individual requesting access. It also factors in the location from which access is being requested and the method used to authenticate identity – for example, requiring a fingerprint rather than a password for access to more sensitive information.
“Attribute-based access control also identifies anything about the access request outside the employee’s normal pattern, such as attempts to access information they don’t normally access or at hours outside their normal work schedule. Such approaches help stop data breaches before they happen by automatically enforcing appropriate security measures,” Kendall concluded.
The Australian study by Unisys was part of a broader global research study of employees/information workers and IT decision-makers conducted in June this year in the United States, Belgium, Brazil, France, Germany, The Netherlands, New Zealand and the United Kingdom. In Australia, there were 307 iWorker respondents and 79 IT and business respondents, with 90 percent from organisations with more than 1,000 employees.