Firms with mobile security disconnect 'prevalent'

Mobile devices pose security risks, but many companies are not paying much attention to the potential threat and, when they do, wrongly budget the cost of securing these devices, analyst notes.
Written by Kevin Kwang, Contributor

SINGAPORE--Many companies are not paying much attention to mobile security despite increasing adoption of IT consumerization and bring-your-own-device (BYOD), and even when they are, their CFOs are not allocating enough resources to secure employees' devices.

Tim Dillon, associate vice president of mobility and end user research at IDC Asia-Pacific, said the onset of more consumer devices entering the enterprise arena had led to increased support costs and security complexities. He was speaking at the research firm's Enterprise Mobility Conference 2012 held here Thursday.

Despite the fact that these mobile devices are not secure, Dillon pointed out that companies are still not focusing on mobile security implementations. Citing a February 2012 survey which polled over 600 companies, he said 80 percent of respondents indicated their main challenge was to convince top-level management that mobile security was important.

Budget differences
For companies that were looking to bolster their mobile security posture, Dillon said there appeared to be a "disconnect" between the cost needed to protect employees' devices and the budget set out by the organizations' CFOs.

He noted that most mobile security vendors with endpoint products, such as MobileIron, usually offered licenses per device and not according to headcount. CFOs who were not familiar with the licensing structure of these security products, on the other hand, might budget for mobile security according to headcount.

As such, a company's mobile security budget, which allowed for one license per person, would be exceeded by two times or more should each employee have two or more such devices to safeguard, the IDC analyst said.

When asked how often such budget misalignments occurred, Dillon told ZDNet Asia at the event's sidelines that this was a "fairly prevalent issue" and posed a problematic challenge for many organizations.

He added that these cost issues would happen because IT departments might not be the ones driving the push for enterprise mobility, but business units such as marketing or sales. As such, IT would merely provide the backend support and the CFO would not have an accurate insight into how many devices might need securing, he explained.

App development costs an issue
Besides mobile security, Dillon also pointed out that providing business applications for users might also become a cost challenge companies have to overcome when implementing enterprise mobility policies.

One company he spoke to revealed it spent US$50,000 to refresh its Android-based business app each time the Google mobile operating system (OS) was updated, the analyst explained. Considering there are at least two major platforms--Android and Apple's iOS--in the market right now, this meant a substantial amount would need to be dedicated just to keep apps updated, he said.

This was why outsourcing app development could be a viable option for companies looking to "futureproof" this aspect of their business, he suggested.

"Outsourcing would solve the skills issue where companies have no internal resources to develop applications, and would also help bring down costs should they find the right pricing model offered by the vendor," Dillon stated. "The key reason, though, would be the speed-to-market benefit third-party app developers offer companies."

Sowrirajan Santhanakrishnan, assistant vice president and head of mobility practice at Cognizant, added that to safeguard their investments in enterprise app development, companies should have their internal IT teams build apps based on standardized mobile development app platforms such as HTML 5.

The executive, who also spoke at the IDC conference, added the IT department would also have to come up with a framework regarding app development as well as deployment within the organization, to prevent business users from circumventing existing mobile policies and causing security or governance issues.

The framework should include four parameters, namely, governance, compliance and security, support, and technology, said Santhanakrishnan, who added that end-users could then innovate and request certain functionalities within these boundaries.
