Mobile Computing No Passing Fad

We all know that Bring Your Own Device (BYOD) is going to be a hot topic this year. Sure, mobile can increase the effectiveness of workers and give them access to data anywhere at any time. The question is -- how big is this trend and how is it affecting security administrators?

A new study commissioned by Check Point Software Technologies sheds light on the size and scope of BYOD. It’s bigger than you think, and there are plenty of risks to go around.

Mobile computing is no fad: 89 percent of respondents report that mobile devices were connected to their corporate network. The devices weren’t just company-issued; most respondents (65 percent) said that devices personally owned by employees were connected. Respondents in Japan are the least likely to allow connectivity of personal devices (46 percent); Germany is most likely to allow such connections (81 percent). Connectivity is growing: 94 percent say they’ve seen a rise in personal mobile-device use on corporate networks and 78 percent say use has more than doubled in the last two years (36 percent site a fivefold increase).

Apple iOS (30 percent) and BlackBerry (29 percent) were the most common platforms; Android is used at 21 percent of enterprises to access corporate networks. Ironically, Android was named as the platform with the greatest risk (43 percent), and BlackBerry was the safest (only 22 percent put it at the top of their “greatest security risk” list). Those surveyed say those risks are growing: most (64 percent) said the number of security threats to their organizations had increased over the last two years; 34 percent said the threat level remained the same, and just 3 percent said it has declined.

Of those claiming an increase, almost three-fourths (71 percent) said mobile devices were a “contributing factor” to the rise.

The study asked participants to rank several factors that affect mobile data security. “a lack of employee awareness about security policies” topped the list (at 62 percent), followed close behind by “insecure Web browsing” (61 percent), “insecure Wi-Fi connectivity” (59 percent), and “lost or stolen mobile devices with corporate data” (58 percent).

What kind of corporate data, you ask? I wasn’t surprised to read that that corporate e-mail was the most frequent response ((79 percent), followed by and business contact data (65 percent). More troubling: customer data was on nearly half (47 percent) of devices, followed by network login credentials (38 percent), and “corporate information made available through business applications” (32 percent). No wonder lost or stolen devices keep security admins awake at night.

Security pros know that internal forces can often be more important than external forces when it comes to keeping enterprises safe. The survey confirmed this popular belief: “Careless employees” pose a greater risk to security (according to 72 percent of respondents) than do hackers who “intentionally try to steal corporate information” (the response of just 28 percent of respondents). I found it interesting that the survey responses varied by geography: UK respondents were most concerned about careless employees (79 percent), Germany was less concerned (at 55 percent, it’s still greater than concern about hackers).

The global survey, conducted by Dimensional Research, polled 768 IT professionals in the U.S., Canada, the UK, Germany, and Japan. Respondents were responsible for IT security (either as their full-time job or part of their overall responsibilities) and included “IT executives, IT managers, and hands-on IT professionals and represented a wide range of company sizes and industry verticals,” according to Check Point.

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 01/18/2012