Mobilisafe Study: Outdated OSs, Vanishing Devices Hamper Security
As if they didn’t have enough headaches to deal with, here’s some fresh fear, uncertainty, and doubt for small-business IT guys: Employees are not going to stop hauling their smartphones to work, and you probably don’t have a good idea of just who is tapping into your system.
That’s the word from Seattle startup Mobilisafe, which is developing a software service to help small and medium-sized IT departments better track and manage employee devices at work. Big companies have been dealing with this trend for several years now—it’s called BYOD (bring your own device)—but, Mobilisafe CEO Giri Sreenivas says, there aren’t a lot of good options for smaller companies yet.
As they develop their product, the venture-backed Mobilisafe has been studying employee device use through a private beta test. Sreenivas says that, over the course of about three months, the study tracked around 40 million mobile device “connections” with a company IT system in a broad array of industries (a single e-mail would represent one connection).
Obviously, IT professionals are aware that more people are toting personal smartphones or tablets that they use to do some work. But Sreenivas says that at smaller businesses, IT pros didn’t have a good way to put their arms around how much that was actually happening.
“These small and medium-sized business IT managers are significantly underestimating the number of mobile devices and the kinds of mobile devices that are coming in,” Sreenivas says. “It’s a blind spot, and they’re fully aware of it.”
The Mobilisafe trial is finding that there’s potentially a higher degree of consumer mobile devices in smaller businesses —around 80 percent of employees using their personal device at work in small and medium-sized businesses, versus figures seen elsewhere in the 60 percent range for enterprises, Sreenivas says.
He says that’s probably because smaller businesses have been subsidizing employee cell-phone plans for longer than big companies, which would tend to just issue corporate phones instead.
Another finding that stood out was a pretty high degree of Apple device users—56 percent—with an operating system that wasn’t up to date. That could leave the device open to malicious exploits that were fixed in later versions of the OS. Sreenivas points to a recent exploit of the PDF file format, which hackers offered as a simple way to “jailbreak” an iPhone for users.
“There were PDFs on the Web that were taking advantage of this exploit, and there were a number of attacks,” Sreenivas says. “Corporate data could be leaked off the device to a random server in China or Russia.”
Companies also saw nearly 40 percent of personal devices go inactive for more than a month during the course of the study—leading some to question whether a phone had been sold, and whether it might have some sensitive data buried somewhere inside.
Mobilisafe, of course, sees an opportunity to build a business here. The company, founded by T-Mobile veterans Sreenivas and Dirk Sigurdson, is operating on seed funding of $1.2 million raised last year from Madrona and Trilogy Partners.
Others are paying attention to the problem—Cisco, for instance, built its own internal fix to boost security in the face of the BYOD surge (although it reportedly took three years). But not every company has the heft of a Cisco. And there are plenty of “mobile device management” startups heading on the case as well. Mobilisafe wouldn’t tell me what sets their approach apart from all the others, so I guess you’ll have to stay tuned to hear how they’ll hope to make a dent in this market.
“These organizations are still getting comfortable with mobile devices,” Sreenivas says. “But frankly, there have not to date been great products on the market to deal with this.”