A new survey of IT security professionals shows that many businesses are barely starting to exploit mobile technology, and some of them may be a mobile security nightmare waiting to happen.
In a self-evaluation question, 40% of the 2014 sample (compared to 34% in 2013) ranked their readiness for BYOD at 60% or higher. Yet responses to other questions suggest that is wildly optimistic.
Just over 1,100 IT professionals, members of the LinkedIn Information Security Community, were surveyed during the April-June 2014 period, representing a global range of industries, company sizes, and job descriptions. The survey was sponsored by Vectra Networks, a San Jose vendor that specializes in detecting cyber-attacks as they happen. The 22-page report, "BYOD and mobile security," is available free in PDF after a simple registration.
BYOD is still in its enterprise infancy. Only 24% of the sample said that privately-owned devices are widely used in their company and supported by a corporate BYOD policy. Another 31% said that BYOD is under consideration. Privately-owned devices are in "very limited use," according to 26%.
By contrast, 40% of the respondents say company-owned devices are widely used in their organization.
For the most part, they are used for the most basic and familiar of applications. Email/calendar/contacts are by far the most popular: 86% of the sample named this combination. Document access and editing was a distant second, named by 45% of the sample, followed by access to Microsoft SharePoint or corporate intranets, named by 41%. Access to company-built applications and file sharing were tied for fourth place (each named by 34% of the sample). In fifth place was access to online applications such as Salesforce (26%).
The top BYOD security concerns for this group are:
+ loss of company or client data (picked by 67%)
+ unauthorized access to company data or systems (57%)
+ users downloading apps or content with embedded security exploits (47%)
+ malware infections (45%)
+ and lost or stolen devices (41%)
The sample was asked "What tools are used to manage mobile devices?" Multiple answers were allowed, so at least some respondents may be practicing a "defense in depth" for mobility, with several products in play. A mobile device management (MDM) application is used by 43%. Endpoint security tools (the difference between these two categories wasn't spelled out) are used by 39%; and 38% enforce Network Access Controls (NAC). About one-third (30%) use endpoint malware protections. Almost one in four, 22%, selected "none."
Practices in place to control risk for mobile devices were also explored. The most common practice is password protection (67% said they have this). Others include: remote wiping of data (52%) and mandatory use of encryption (43%). Auditing of mobile devices is used by just one in four of the respondents.