Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Half of U.S. businesses have no formal BYOD policy for security

Matt Hamblen | Nov. 13, 2015
Emergence of biometric smartphone security is rare, survey says

"Right now, there's some confusion and trepidation in the market about MFA," said Jason Milgram, director of software development for Champion. "None of our customers are incorporating biometric authorization into their security plan, even though they will eventually. Many are focused on enterprise content rights management and all of them are working out their strategy. When we bring up the subject of biometrics, people know about it and ask us, 'Can you show us or tell us.' "

While newer iPhones and many Android phones, like Samsung Galaxy smartphones, use fingerprint scanners for a user to access the phone itself, companies are only just beginning to consider using the fingerprint scanner to access enterprise apps or data, Milgram said. Some companies are relying on partitioning of personal from work data within the operating system of some newer phones, but even that approach may not be secure enough, depending on the level of risk that a company can tolerate.

Champion has 2,300 business customers, primarily in health care, distribution and finance. It operates a business unit called MessageOps that helps companies deploy Microsoft Cloud Services, including Office 365, Enterprise Mobility and Azure services. Champion also works as a system integrator to help companies deploy other enterprise mobility management products such as VMware's AirWatch and IBM's Maas360.

The low adoption of MFA for mobile security noted in the survey doesn't surprise Pyle. "There's a lot of good talk by companies about what's coming and what's going to be available, but people aren't implementing what's available today, let alone what's coming tomorrow," he said.

As an example, the survey noted that 23% of companies don't lock out mobile access after a repeated number of sign-in failures. "That's a large percentage, too large," Milgram said. "Someone could launch a brute force attack if nothing is turned off."

The survey also found that 30% of companies don't even require alphanumeric passwords (those using both the alphabet and numbers). "That's a pretty basic precaution," Pyle added.

Champion plans to repeat the survey next year and expects to see a greater focus on security, he said.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.