We talk a lot about security. People don’t want to use certain apps or visit sites because they do not consider them to be secure enough. Some of these people, it seems fall into the group that do not have any security on their own mobile devices.
Fiberlink is a company that delivers enterprise mobility management solutions. MaaS360 (News - Alert) is an enterprise mobility management (EMM) platform that enables IT to deliver end-to-end security and management.
Recent data from Fiberlink’s MaaS360 platform reveals that 15 percent of organizations still don’t enforce passcodes which is the most basic security measure. When you consider that bring your own device (BYOD) is gaining momentum in the enterprise, that number seems high.
Looking at a portion of the over two million devices that Fiberlink manages, it learned that passcode security still has a long journey ahead of it to go for complete protection of data on smartphones and tablets. Fiberlink looked at 200,000 devices.
There are three basic categories that fall under the heading of passcode protection. They are:
- PIN/Simple Passcode: Just numbers or letters
- Alphanumeric Passcode: Combination of numbers and letters
- Complex Passcode: Combination of numbers letters and special characters
It should really come as no surprise that the most common form of protection with a 93 percent ranking is the PIN/simple passcode option. To keep it even simpler, around 73 percent of this group use a four to five character code.
The study shows that one of the problems with this approach is that most people use repeatable digits on their smartphones and tablets. It seems that the average hacker can usually break the code in no more than 10 tries.
Some corporate sectors have no choice but to follow stricter audit requirements when it comes to security. Fiberlink’s report shows a breakdown of two sections. The first is passcodes most enforced through automated policies by industry. The percentage of protected devices is as follows:
- Healthcare: 97 percent
- Professional Services: 87 percent
- Public Sector: 85 percent
- Consumer/Retail: 81 percent
- Financial Services: 79 percent
- Manufacturing: 78 percent
- Education: 41 percent
Of this group a further breakdown shows the percentage that use alphanumeric or complex passcodes:
- Public Sector: 18 percent
- Financial Services: 9 percent
- Professional Services: 6 percent
- Healthcare: 4 percent
- Consumer/Retail: 3 percent
- Manufacturing: 3 percent
- Education: 1 percent
While security is of paramount importance, keeping both enterprise data as well as the devices safe and secure, it cannot go unmentioned, that as my father always said, “Too much is like not enough.” If you have a passcode that is so complex that it needs to be written down, who is going to use it?
Also, if it is written down, then that means it has to be easy for you to access, which in turn means that it is also easy for someone else to access. The big picture needs to include the user experience. Finding the proper balance between keeping everything secure and yet not making it so complicated that the IT administrator has to constantly change a forgotten passcode should be near the top of the list.
The Fiberlink report comes to the conclusion that regardless of what passcode approach you take in securing mobility, the automation of Mobile Device Management (MDM) policies is an essential element to standardizing a vast ecosystem of device types and operating systems. In addition, with MDM, IT gets a better understanding of which devices are passing passcode muster and which devices are still trying to pass on passcodes altogether.
This is not a scenario where one answer covers everything. Each company has a different set of rules that it needs to follow and then pass down. These companies also have different security needs. One thing that is clear is that with the proliferation of BYOD, you are not just watching a movie at home, so some form of security definitely needs to be considered.
Edited by Alisen Downey