The top 5 trends in mobile and BYOD security

The top 5 trends in mobile and BYOD security

Summary: More than 1,600 respondents' data created this report on current BYOD trends, concerns, and practices. Can you guess which mobile platform is the most popular for BYOD?


The results are in from a survey taken by Holger Schulze's Information Security Community group on LinkedIn*. There are a few surprises and a few "I already knew that"s in the report, but it's good to see them both down on paper, anyway. Being taken from an information security group, you'd expect that security is the highest priority topic, and it is. But do you know what the greatest impact is to business due to mobile security threats?

The top 5 trends/concerns in mobile and BYOD security

  1. Greater employee satisfaction and productivity

  2. Data loss and unauthorized access to data

  3. Encryption is the most used risk control measure

  4. The biggest impact of mobile security threats is the need for additional IT resources to manage them

  5. The most popular business apps are email, calendar, and contact management, and Apple (iOS) is the most popular BYOD platform.

Let the rancid commentary begin!

I've written about all of these trends and concerns in this column, but now I have a third-party survey that includes more than 1,600 respondents to back up my assertions.

I've said before that companies want employees to be happy, and BYOD is part of that movement. The numbers tell the story with 55 percent of the respondents stating that as the top reason for implementing a BYOD program. A very close second is the need for increased employee mobility at 54 percent, and third, at 51 percent, is increased employee productivity.

"Employee satisfaction is the number one reason why companies implement BYOD programs."

One thing to note about employee "mobility" is that this new found mobility also tethers you to your job in a way that has never happened before. Even in the days of pagers, there was more freedom, because communication was one way. And pagers were somewhat unreliable, so you could always say that you didn't receive the page or that you were in a "dead" spot. It did happen, but not as often as we all claimed.

Data loss and unauthorized access are at the top of the concerns list for most companies: 75 percent fear loss of data, 65 percent worry about unauthorized access and 47 percent fear risks of malware infection. Clearly, security is a huge concern for companies. However, those fears have less to do with BYOD and more to do with mobile devices in general. Malware actually should be a bigger concern than it is. I don't think the majority of respondents understand the true size of the malware threat.

If you'd like to understand more about malware threats, please read Don't you just love mobile apps? So do malicious code writers. Malware is a big problem, and to say that sounds like an understatement. Most people infected with a malicious app or privacy-leaking app don't even know it.

Encryption is a major step in the right direction, but there's still debate over its effectiveness. I had a Twitter chat yesterday that touched on this topic. The main argument was that there's data in transit and data at rest, and both need to be encrypted. The problem is that users, managers, and even IT people assume that they are the same. They're not. You can encrypt your data via a VPN that traverses the internet to and from your corporate network, but when the data lands on your device, it's unencrypted — or can be.

"Apple (iOS) is the most popular BYOD platform."

The solution is to encrypt your data or your entire device and to use only encrypted communications to transfer data.

The need for additional IT resources to handle mobile threats and security has a major impact on businesses. This means that by having a large number of mobile devices (BYOD or corporate owned) means there's a need for more staff to manage them. One third of the respondents realized this need, while 28 percent said that they report no negative impact due to mobile threats. I challenge that 28 percent to hire a third-party security consultant to verify their assumption. More than 90 percent of all security breaches are found by third-party consultants.

And it's no surprise that the most popular mobile apps are email, calendar, and contact management. These apps are easy to use on mobile devices and most are very well made. Their features, stability, and usability make them perfect for communicating with and staying connected to co-workers.

Finally, as I stated above, Apple products are the clear (72 percent) for BYOD use, followed by Android, Blackberry and Microsoft in that order.

These five aspects of the report don't cover the results in their entirety, but I'll have other posts up that cover some of the other points soon. But I will give you this one tidbit from other parts of the report: Only 10 percent of the companies that don't currently have a BYOD program have ruled it out. Interesting. More on that in another post.

What do you think of the results? Do you think that the 1,600 respondents represent an accurate cross-section, or do you think the results are skewed in some way? Talk back and let me know.

*The Information Security Group has more than 160,000 members. Holger Schulze is the Group Owner.

Topics: Mobility, Apple, Mobile OS


Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The Top 5 Trends


    Due to the relatively small respondents, and only one Social Media channel, I would venture to say the results were skewed. However, I would not be willing to guess by how much or in which way; most likely not enough to alter the basic trends and concerns you cite.

    The results you cite are, as you indicated, to be expected. Two of the points are particularly important: what the employees want and what they use. They're what is driving the hardware market right now and the software market is trying to follow. I do not intend to imply the security items are not as important, just that they are more a response to employees wishes.

    I agree that most mobile device users grossly underestimate the malware threat. As more people turn from the PC to handhelds, the greater that threat will become (which is good news for PC users). Malware writers always go for the biggest target. Unfortunately, the people who need the information the most don't subscribe to the sources that provide it. It's like waving a sign in front of a blind person or yelling at someone who's deaf.

    The only thing in your list of what's used that surprised me is Blackberry. Even the order is to be expected. Apple came out first with the iPhone and iPad, so it would naturally be in first place. MS, on the other hand, was the last entrant, so of course they would be last. There's no valid method to determine how long this order will be maintained; too many variables. Of course, I know there will be immature people who will claim to know - and be very belligerent and vulgar in asserting their claims.

    And now, as you said: Let the rancid commentary begin!
    • 1,600 respondents is pretty good

      That's not a huge sample but it's pretty good. The amount of error goes down as the sample size goes up but if you do the math on this, it's not too shabby.
  • A scary statistic

    Buried toward the end of the article is a scary statistic that deserves more attention: "More than 90 percent of all security breaches are found by third-party consultants."

    So that means, If I haven't gotten a third-party assessment, I'm at a 90% risk of already having had a security breach I don't even know about yet?