IT security is difficult no matter what the platform — because software is imperfect, complex and constantly changing. However, there are three key factors which make securing mobile devices even more challenging.
Mobile picture from Shutterstock
This is an extract from Lifehacker's ebook Making Mobility Real: How To Choose The Right Tech For Your Business. You can download the entire ebook for free here.
This might seem like a blindingly obvious statement, but it remains the single biggest issue for securing mobile devices: the very fact of their mobility. Employees are generally quite unlikely to leave a server sitting in the back of a taxi, but that's a hugely common scenario when it comes to laptops or smartphones. Physical access to devices makes them more vulnerable. There are absolutely strategies you can take to minimise this risk, but you can never eliminate it entirely.
Mobile devices such as phones and tablets are often owned by users and not directly connected to corporate networks, relying on specific logins for individual applications rather than a broad network-wide login. It's also rare for them to be running a standardised platform: phone owners will often reject enforced updates ("I don't have time to download that! I haven't got any spare bandwidth! I can't be without my phone for that long!"), so security vulnerabilities can remain in place long after they have been identified and patched by the developers. Most of those problems can be addressed through a mixture of security software and policy, but they need to be recognised and acknowledged before you can do that.
Security Is An Afterthought
While the situation isn't quite as dire as when smartphones first became popular, it remains the case that if there's a choice between making a phone easier to use and making it easier to secure, phone software designers will invariably opt for the former. Even when there are useful security features built-in — such as requiring a password or setting up remote wipe capabilities — it's usually up to the owner to activate these, and many people don't ever get around to it. This isn't true to the same extent with laptops, but those can present a different type of challenge: it's comparatively simple to export data from laptops, for example.