Security Experts:

Mobile Device Vulnerability Management a Top Concern, Survey Shows

Findings from a recent study conducted by Tenable Network Security during the RSA Conference earlier this year, show that mobile device vulnerability management is a major concern for IT security teams.

The findings from Tenable are not too shocking, as the topics of mobile device management, data protection, and risk assessment dominated floor discussions during the show.

According to their study, Tenable said that respondents told them that protecting sensitive customer data is the top goal for security professionals when it comes to mobile device security.

Vulnerability in SmartphonesWhile the sample size was quite small at 104 individuals, forty-seven percent of respondents listed ‘protecting sensitive customer data’ as the most important reason to deploy technology that identifies known mobile device vulnerabilities for devices attached to their network. Nearly half (46%) listed ‘data leakage’ as the top concern when a mobile device is lost, stolen, or hacked.

Based on what they were told, Tenable said nearly 70% of the people they spoke with listed mobile device vulnerability management as ‘very important’ when compared to other security initiatives.

“Mobile devices add an entirely new level of complexity to an organization, but security too often takes a back seat to convenience,” said Ron Gula, CEO and CTO of Tenable Network Security.

Almost all of the respondents agreed that mobile devices present a security risk to their respective networks, but 67% of them admitted to having noting in place to control mobile usage, or if they did have such controls, employees simply ignored them.

“With the proliferation of enterprise mobility, the ability to keep track of these devices and understand how they impact your network and pose new security risks is critical,” Gula added.

“Mobile device security needs to be a top priority, especially considering the majority of the mobile workforce will circumvent mobility policies in order to do their jobs.”

With that said, nearly half (44%) the respondents said their company planned to invest $50,000 to $100,000 in mobile device security over the next 12 to 15 months. Another 33% said their organization will invest $15,000 to $50,000.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.