The top 5 trends in mobile and BYOD security
The results are in from a survey taken by Holger Schulze's Information Security Community group on LinkedIn*. There are a few surprises and a few "I already knew that"s in the report, but it's good to see them both down on paper, anyway. Being taken from an information security group, you'd expect that security is the highest priority topic, and it is. But do you know what the greatest impact is to business due to mobile security threats?
The top 5 trends/concerns in mobile and BYOD security
Greater employee satisfaction and productivity
Data loss and unauthorized access to data
Encryption is the most used risk control measure
The biggest impact of mobile security threats is the need for additional IT resources to manage them
The most popular business apps are email, calendar, and contact management, and Apple (iOS) is the most popular BYOD platform.
Let the rancid commentary begin!
I've written about all of these trends and concerns in this column, but now I have a third-party survey that includes more than 1,600 respondents to back up my assertions.
I've said before that companies want employees to be happy, and BYOD is part of that movement. The numbers tell the story with 55 percent of the respondents stating that as the top reason for implementing a BYOD program. A very close second is the need for increased employee mobility at 54 percent, and third, at 51 percent, is increased employee productivity.
"Employee satisfaction is the number one reason why companies implement BYOD programs."
One thing to note about employee "mobility" is that this new found mobility also tethers you to your job in a way that has never happened before. Even in the days of pagers, there was more freedom, because communication was one way. And pagers were somewhat unreliable, so you could always say that you didn't receive the page or that you were in a "dead" spot. It did happen, but not as often as we all claimed.
Data loss and unauthorized access are at the top of the concerns list for most companies: 75 percent fear loss of data, 65 percent worry about unauthorized access and 47 percent fear risks of malware infection. Clearly, security is a huge concern for companies. However, those fears have less to do with BYOD and more to do with mobile devices in general. Malware actually should be a bigger concern than it is. I don't think the majority of respondents understand the true size of the malware threat.
If you'd like to understand more about malware threats, please read Don't you just love mobile apps? So do malicious code writers. Malware is a big problem, and to say that sounds like an understatement. Most people infected with a malicious app or privacy-leaking app don't even know it.
Encryption is a major step in the right direction, but there's still debate over its effectiveness. I had a Twitter chat yesterday that touched on this topic. The main argument was that there's data in transit and data at rest, and both need to be encrypted. The problem is that users, managers, and even IT people assume that they are the same. They're not. You can encrypt your data via a VPN that traverses the internet to and from your corporate network, but when the data lands on your device, it's unencrypted — or can be.
"Apple (iOS) is the most popular BYOD platform."
The solution is to encrypt your data or your entire device and to use only encrypted communications to transfer data.
The need for additional IT resources to handle mobile threats and security has a major impact on businesses. This means that by having a large number of mobile devices (BYOD or corporate owned) means there's a need for more staff to manage them. One third of the respondents realized this need, while 28 percent said that they report no negative impact due to mobile threats. I challenge that 28 percent to hire a third-party security consultant to verify their assumption. More than 90 percent of all security breaches are found by third-party consultants.
And it's no surprise that the most popular mobile apps are email, calendar, and contact management. These apps are easy to use on mobile devices and most are very well made. Their features, stability, and usability make them perfect for communicating with and staying connected to co-workers.
Finally, as I stated above, Apple products are the clear (72 percent) for BYOD use, followed by Android, Blackberry and Microsoft in that order.
These five aspects of the report don't cover the results in their entirety, but I'll have other posts up that cover some of the other points soon. But I will give you this one tidbit from other parts of the report: Only 10 percent of the companies that don't currently have a BYOD program have ruled it out. Interesting. More on that in another post.
What do you think of the results? Do you think that the 1,600 respondents represent an accurate cross-section, or do you think the results are skewed in some way? Talk back and let me know.
*The Information Security Group has more than 160,000 members. Holger Schulze is the Group Owner.