Introduction: Security in a Mobile World
IT and security professionals who manage and secure personal and corporate-owned mobile devices for enterprises have a difficult job. People want to use a wide range of different devices and mobile apps to access enterprise assets, interact with corporate data, and collaborate with their colleagues. Because mobile began as a consumer technology, many devices lack the security and administrative functions that IT and security teams use to manage traditional endpoints such as laptops and desktops.
The speed, volume, and variety of devices coming online is incredible. Benedict Evans, an analyst at Andreessen Horowitz, summed it up well when he titled a presentation, “Mobile is eating the world.”1
Consider the following:
- The number of mobile devices on Earth has surpassed the number of people living on it2
- In 2015 more google searches occurred on mobile devices than on computers in 10 countries3
- 87 percent of time spent using mobile devices is spent using apps4
- An average of 53,309 mobile apps were released on the Apple App Store each month in 20155
- Forrester predicted people would download more than 226 billion apps in 20156
The mobile tidal wave will not subside any time soon, and enterprises need to prepare themselves. In 2015, Tech Pro Research reported that 74 percent of organizations allow, or plan to allow, employees to use their personal mobile devices for work.7 Employees want to use their own devices, and enterprises want to realize the benefits of increased productivity that come with the bring-your-own-device (BYOD) approach.
In discussion around BYOD, an important point is often overlooked. More important than who owns the device is how it is used and how it is secured. Enterprise risk is increasing as a greater variety of devices running more apps from untrusted sources connect and process sensitive data. Tightly controlling all devices and limiting apps to a small whitelist is simply not viable for all scenarios.
About this Report
We present this report, gleaned from our database of mobile security intelligence, to help IT and security pros make informed decisions about managing and securing mobile devices, mobile apps, and their enterprises’ mobile ecosystem. Some of our eye-opening statistics regarding mobile insecurity include:
- 24.7 percent of mobile apps include at least one high-risk security flaw
- The average device connects to 160 unique IP addresses every day
- 35 percent of communications sent by mobile devices are unencrypted
- Business apps are three times more likely to leak login credentials than the average app
- Games are one-and-a-half times more likely to include a high risk vulnerability than the average app
Enterprise IT and security teams should take data points such as these into consideration as they develop and manage their mobile security strategies.