Not surprisingly, mobile security ranks among the top challenges IT faces when it comes to protecting small and mid-sized businesses. What is surprising, however, is that only 16% of SMBs worldwide responding to a recent Techaisle survey say they’re prepared to deal with mobile security challenges. For some small businesses, this is constraining mobile adoption; for others, it's creating concerning security gaps. However, it also creates an opportunity for channel partners to step in and become trusted advisors.
Right now, many MSPs and VARs continue to focus customers on backup and disaster recovery, along with endpoint security, since they tend to be simple point solutions for the SMB market. While important, they don't get at the breadth and depth of the security challenges SMBs encounter.
So if managed service providers (MSPs) are going to increase the value they can provide to their customers, they need to hone in on what is increasingly becoming a well-recognized security vulnerability: the employee. We’ve been hearing a lot in the news lately about the threat posed by workers who deliberately leave a company with intellectual property, sell trade secrets to competitors, or sabotage security and IT systems. But there is an alarming rise in three particular areas that get less attention. As Techaisle points out in their analysis of their mobile security survey, "user neglect and irresponsibility; lack of employee knowledge/awareness, and user mishap" all have a significant impact on security, especially as related to mobility. The Techaisle study found that malware and other external factors are definite concerns, but the data suggest that addressing user education and behavior is a critical part of a good security strategy for SMBs. Of course, the same could probably be said of larger enterprises, but that's another blog for another day.
BYOD and mobility in general have made the network perimeter far more porous and created vulnerabilities in networks that are difficult to address with edge solutions alone. As the Techaisle study notes,
“[intruders] can ride through a permeable configuration on the backs of mobile devices that have been granted access to the precious applications and data that live in the interior of the organization.”
This means that when it comes to protecting the network, not only does IT have to defend against known threats at the perimeter and endpoint, but it also has to protect the business from breaches potentially caused by the actions of its own employees and other internal and unknown threats.
MSPs and VARs can help IT and the businesses they support in a number of ways:
- Getting a handle on users who don’t follow mobile policies, assuming there are policies already in place.
- Crafting thoughtful policies if they don't exist and providing the tools to implement, monitor, and enforce those policies
- Providing platforms and applications to help users separating work content from personal content on their mobile devices
- Gaining control over lost and stolen devices and providing robust MDM solutions.
- Providing guidance and education when it comes to best practices and state of the art approaches to mobile security and intelligent BYOD
- Looking at network segmentation and advanced technologies to provide additional layers of protection in the face of emerging internal threats.
It's important to remember that early smartphones and tablets were geared toward the consumer market and didn't necessarily have the same built-in security and management features as PCs and laptops. In many cases, they still don't, but simply keeping employees tied to a desktop is hardly an option. Instead, channel partners can bridge the gap for SMBs who need the right combination of hardware, software, policy, and education to create secure, highly mobile environments.