Not a day goes by that some headline isn't screaming about the existential threat posed by mobile computing. Attacks are up some astronomical percentage! Gen Y employees won't follow the rules! App stores are breeding grounds for malware! We even have breakout conferences within conferences to hash out mobile security. The number of respondents to InformationWeek's 2013 Mobile Security Survey jumped about 32% over 2012. The device type and platform diversity in bring-your-own-device programs is apparently causing so many problems that IT teams just want to pack up their servers, send everything to the cloud and go home.

Hold on a minute. Mobile security isn't something you can buy, so put down the checkbook, back away from the MDM system and realize that what we have here is a process and a trust problem.

I don't blame CIOs for feeling like a deer in the headlights. But I do blame many of them for thinking that mobility is different from any other IT security challenge. Heck, the risks aren't even new. The big increase in concern simply highlights the bad process, communications and technology decisions that most infosec teams have made over the past 10 years.

Take a look below at the "Top Five" checklist from a major mobility and IT security provider (which shall remain nameless):

1. Label all mobile devices with user and company information.

2. Require a user to authenticate to the device using a security password.

3. Define authentication features, such as password expiry, attempt limits, length and strength.

... Read full story on InformationWeek


Post a comment to the original version of this story on InformationWeek