It found that 25% of the Australian companies surveyed have at least 50% of their workforce accessing corporate content via the unsecured Internet instead of through a secure Virtual Private Network (VPN). More than 70% have at least 25% of employees accessing enterprise business applications and documents from a mobile device.
This is despite the fact that 84% of organisations have deployed a VPN for remote access to their network and business applications.
That’s according to a survey of chief security officers (CSOs) staged at last month’s AusCERT conference by Zscaler, the industry’s first Security as a Service platform. Zscaler’s survey found that access to a VPN was a major cause for concern for 36% of them, as this also provided employees with unfettered access to the entire corporate network.
Scott Robertson, vice-president Asia Pacific and Japan, Zscaler, said, “The world of IT security has undergone tremendous transformation, sparked by the consumerisation of the enterprise, the adoption of cloud computing, the ubiquity of mobile and BYOD devices and the evolution of threats, which are more serious today than they have ever been before.
“Mobile devices, and the advantages they offer, have changed the way business is conducted. However, smartphones and tablets have also brought a new class of security threats and attack vectors. The varied mobile platforms and devices, along with the exponential growth of mobile apps, can quickly become a security and compliance nightmare for enterprises to manage.”
The survey also revealed that:
- 33% of CSOs had seen the number of mobile device users increase by between 25% and 50% over the last 12 months.
- 60% are using their mobile devices to access business applications more than 25% of the time.
- 54% of CSOs have up to 25% of business applications in the cloud.
- 20% of CSOs have between 25% and 50% of applications in the cloud.
- 28% of CSOs will have more than half of their applications in the cloud in the next 12 months.
“This survey suggests that in today’s enterprise everywhere business, users can instantly download un-vetted apps from the cloud, opening them up to a variety of brand new threat vectors. The issue puts IT in the awkward position of balancing personal privacy with corporate security across platforms that you not only don’t own but may not even be aware of. To make matters worse, these platforms constantly change, opening vulnerabilities that you may be completely unaware of. Every time mobile devices connect to the Internet, they may be exfiltrating data, connecting to a botnet, or downloading malware from the cloud along with what they think they are getting,” Robertson said.
“While no-one seriously thinks we can turn back the clock on mobile device and mobile app usage, new and more effective security measures are required. Security industry offerings that tried to graft existing PC-era security technology onto mobile devices, as well as mobile device management (MDM) solutions, have proven inadequate to secure properly mobile devices and the networks they are accessing. True mobile security requires the ability to understand and classify mobile applications through traffic patterns, identify threats in real time and enable quick corrective action.”