One of the biggest drivers for enterprise mobility is the need for seamless access to information. Employees have grown accustomed to having ubiquitous information access in their personal lives and expect the same in their professional lives. In the past, employees would try to compartmentalize their personal and work lives in order to protect their personal time from job encroachment. Now, the opposite is true. Many employees move seamlessly between work and personal life and expect that their employers will support this new work paradigm.
Some enterprises struggle to create a business case that quantifies productivity gains and calculates a return on investment for mobility technology. Because this is very difficult to do, most enterprises simply accept the idea that mobility results in productivity improvement. For many employees, a mobile work environment is now an expectation, analogous to the expectation that their employer will provide a local area network and Internet access. As a result, many enterprises deploy mobility technology without any up-front justification or global planning.
Data leakage
The most profound risk to enterprise mobility is data leakage on mobile devices. Once a user transfers sensitive data to a mobile device, that data can be compromised if the device is lost or stolen, or the data is transferred to another device. This concern is exacerbated by the fact that the design of most mobile devices is driven by the needs of consumers rather than businesses and therefore is often unsuitable for the enterprise. Lastly, the mobile device has become the new network perimeter, so enterprises can no longer simply rely upon firewalls in order to lock down their sensitive information.
Some organizations have a policy that requires users to encrypt sensitive data on a laptop hard drive, but few organizations encrypt sensitive data stored on handheld devices. This means that sensitive data on a handheld is often more vulnerable to theft. In the event of a lost or stolen mobile device, many enterprises will remotely "wipe" the device, thereby removing sensitive information. Some vendors, such as Research In Motion (RIM), enable the IT manager to remotely disable the mobile device and restore it to factory defaults. Some enterprises have invested in technology to find lost or stolen laptops, such as Computrace's LoJack for Laptops product.
Many organizations encrypt sensitive information that is transmitted between the mobile device and enterprise servers by using virtual private network (VPN) technology. This "in transit" encryption is typically performed while users communicate on the road or at home. A few organizations even enforce the use of VPNs while users communicate over the office wireless LAN (WLAN).
Although many organizations enforce the use of two-factor authentication on laptops, handheld authentication policies lag behind laptop authentication policies. For example, many organizations require only a simple four-digit personal identification number (PIN), or no password at all. If a handheld device does not have a password and is lost or stolen, any sensitive data stored on it is easily accessible. The small size of handheld devices makes it easy for them to fall out of a pocket or purse and thus to become a security risk.
Data leakage on mobile devices is a major risk for almost every enterprise. Unfortunately, handheld security policies often lag behind similar laptop security policies. This can result in security breaches and increased legal liability. Enterprises must carefully evaluate their risk tolerance and then secure sensitive information before granting mobile device access privileges to users.
