June 28, 2012 - The popularity and massive growth of smartphones for business use is forcing enterprises to sit up and rethink their security and defense mechanisms. In the report "Enterprise Mobile Device Security: Development Guidance to Tackle the Mobile Security Minefield" (Doc # FIN235403, June 2012), IDC Financial Insights examined the need for enterprise mobile security, especially within the mobile banking and payment arena, and discussed core measures for enterprises to boost mobile security, including mobile device management (MDM) and mobile application management (MAM).

"By 2012, the Asia/Pacific region will command 47% of the global smartphone pie, which is equivalent to 541 million units (See Figure 1). With the rise of smartphones, IDC expects malicious mobile software - or malware such as viruses, worms, trojan horses, spyware and other rouge applications - to increase exponentially as we move into the future and this will in return amplify demand for mobile security solutions in Asia/Pacific," commented Li-May Chew, CFA, Associate Director for IDC Financial Insights Asia/Pacific Financial Advisory Service.

Meanwhile, the increasing prevalence of mobile devices within the business environment, also known as the consumerization of IT or the bring-your-own-devices (BYODs) phenomenon, coupled with increasing popularity of mobile banking, payments and wealth management schemes further imply that these instruments will become a more prominent vector of attack for cybercriminals seeking to harvest corporate and financial data. For instance, malware could incorporate fake mobile banking applications in legitimate application stores to steal personal banking information.

Preventive measures to stem enterprise mobile security threats include MDM such as robust security tools to remotely secure, monitor, encrypt and manage data, and MAM to secure and control corporate data and applications on an app-by-app basis.

Chew, adds, "Nonetheless, it is not all about installing stringent mobile security features. As cliché as it may sound, we - device owners and end-users - are typically the weakest link when it comes to information security. It is thus up to enterprises to increase employee awareness of these threats and introduce programs to inculcate secure practices in the work environment."

Important to note is that although majority of organizations that allow BYODs have developed policies to support this trend, most employees are not aware of their company's mobile security policies. With more enterprises allowing employees to use non-standard unmanaged devices for work to access sensitive corporate information, the need to educate staff about mobile security policies and ensure that they are adhering to necessary security mandates intensify.