The most striking point in a recent report commissioned by Trend Micro was that IT administrators are beginning to rank Apple’s iOS ahead of RIM’s BlackBerry and other mobile platforms, but there were some other significant details in that report.
The report focuses on mobile security and issues related to bring your own device (BYOD) programs. Such programs encourage employees to use their personal iPhones, iPads, Android devices and other mobile technologies to access business resources and perform work-related tasks. Many IT professionals believe that BYOD programs introduce security risks – and it looks like they’re right to believe that. Decisive Analytics, the company that prepared the report, notes that nearly half the IT professionals that they surveyed in the U.S., U.K., and Germany admitted that their companies had already experienced a mobile-related security breach.
Of the more than 400 senior IT professionals surveyed, 78% said that their company supports employee devices accessing corporate systems and information. That tracks with a range of other studies that report BYOD is now almost universal among U.S. companies. According to the report, European companies don’t seem to have embraced BYOD as broadly as their U.S. counterparts – BYOD is roughly twice as common in the U.S. as in the U.K. and Germany.
Almost half (46.7%) of those companies that do support BYOD have experienced a security breach that resulted from an employee-owned device accessing the corporate network. Many, but by no means all, of the companies that experienced breaches quickly introduced measures to prevent similar incidents in the future.
Of the companies that experienced a security breach, nearly half (44.9%) responded by putting access restrictions on the resources and data that users can access from mobile devices while a similar number (42%) installed mobile security tools on employee devices. A small percentage (12%) shut down their BYOD programs completely following a breach.
Those numbers imply that a large number of companies are not instituting key security measures when rolling out a BYOD program to employees even if mobile management systems are in place. They also imply that a number of companies aren’t taking any major steps to prevent breaches even after having experienced one. Those are alarming implications for both the companies involved and any employee, customer, or client data that they collect and/or manage.
There are also some bright spots in the report.
- Nearly all companies (89.1%) have security and acceptable use policies around personal devices that access a company network
- Most (80%) require some form of mobile security or management agent be installed on employee devices
- A little over half (53.7%) restrict BYOD to specific platforms, mobile OS versions, or specific devices
- Almost three-quarters (72.5%) plan to implement a solution that separates business and personal data on employee devices, like the encrypted container approaches offered by Good and Bitzer Mobile.
- Most companies have a remote wipe policy in place – 35.7% wipe devices when they are lost/stolen and when an employee leaves the company, 25.3% wipe lost/stolen devices but don’t wipe when an employee leaves
- Only a small number of companies (8.9%) have a policy to wipe corporate data while leaving personal data intact