Chief information security officers in Australia and New Zealand have told analyst firm IBRS that managing consumer-grade mobile devices in the enterprise is one of their top security concerns.
The preliminary results of 70 plus interviews between senior IT security executives and IBRS analyst James Turner have revealed that managing and securing mobile devices - particularly the iPhone was a concern.
"Executives are getting them, bringing them into the workplace and asking to have them set up as though it was an enterprise-issued device," said Turner.
"There are a stack of issues around this, not least of which is the understanding that it's a consumer device and not built with enterprise utility in mind."
Turner said the penetration testers HackLabs, Securus Global and StratSec, with whom he has discussed the issue, were "scathing" of iPhone security, claiming it was "laughable".
"All they needed was physical access to the device and a laptop with some specific software on it.
"This is pretty serious for security professionals who are trying to protect their organisation's sensitive corporate data. Mobile phones are always being lost and the brand doesn't matter," he said.
Meanwhile, communicating risk to the organisation was also flagged as a top concern.
"Security professionals are continually dealing with the operational and environmental risks that the organisation has to address and then they have to identify these to business decision makers and recommend a path of action."
The top issues for CISOs in Australia and New Zealand in no particular order were:
1. Managing mobile users & mobile devices 2. Communicating risk to the rest of the organisation 3. DLP4. Cybercrime & cyber-terrorism5. Managing complexity 6. Managing the perimeter 7. Virtualisation and security8. Managing information 9. Identity management10. Managing vendors 11. Firewalls and architecture 12. Cloud and SaaS
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.