4. Third-party applications. No surprise here - Angry Birds, Dropbox, and Facebook represent a threat vector for malicious code and data exfiltration. Little wonder then that 40% of enterprise have implemented security controls (i.e. Web controls from Blue Coat, ProofPoint, Trend Micro, etc., NGFW from Check Point, Cisco, Fortinet, Juniper, McAfee, Palo Alto, etc., application controls from Bit9, Symantec, Viewfinity, etc.) to detect and/or block this behavior.
Yes, security professionals are concerned about mobile malware - in fact 80% believe that mobile malware threats will become "significantly" or "somewhat" more dangerous in the next few years. Security professionals' fear is certainly supported by the fact that Android malware is growing in the triple digits as many researchers claim. That said, this malware seems to be consumer-focused and centered in Asia today, so it doesn't represent an enterprise threat in its current iteration.
IT risks associated with mobile computing will certainly evolve over time and CISOs should remain engaged and diligent. Nevertheless, the ESG data indicates that mitigating mobile computing risk comes down to sound policies, layered security controls, continuous monitoring, and user/IT training. As security professionals, we've seen this movie a thousand times before. CISOs know how to manage this risk but they will need help from others to do so effectively.
Source: Network World
Sign up for Computerworld eNewsletters.