Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Mobile security: Is antimalware protection necessary?

Developing an enterprise mobile security strategy is a challenge. Nick Lewis offers his insight on the viability of mobile antimalware protection.

There's been a fair amount of discussion about whether mobile devices need antimalware protection. With my employees...

using their own devices at work, for work, I want to make sure my company is adequately protected. Is the antimalware investment a necessary one? If not, is there a better product to use?

Over the past decade, mobile device management and mobile security have been two extremely difficult issues for enterprises to address. Whether an investment in antimalware is necessary might be the wrong question to ask. There are many different risks presented by mobile devices, and organizations would be wise to perform a threat assessment to better understand which threats are the highest risks for their specific business and therefore a priority to address.

The potential list of attacks against mobile devices for enterprises is very long, but the list of attacks or security incidents that make the news is relatively short. The most common mobile security threat to enterprises is lost or stolen devices. And the truth of the matter is that antimalware will not help if a device is lost or stolen and doesn't have basic mobile device security controls implemented on it, such as a PIN or remote wipe capabilities. If your organization does not require a PIN or hasn't adopted remote wipe yet, I would say these are higher priorities than antimalware.

Implementing a mobile device management (MDM) tool that includes antimalware along with other security controls (e.g., PIN enforcement, remote wipe, encryption or containerization) might be a good enterprise investment. However, before evaluating MDM tools, enterprises should ask a number of questions:

  • Do we have an inventory of mobile devices to secure?
  • Will the tool be implemented on employee-owned devices?
  • Will our employees allow us to install such a tool on their personally owned devices?

If you cannot answer these questions, deciding to implement a mobile device management tool might not actually provide the protection expected. 

Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)

This was last published in May 2014

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.