Ensuring Security and Compliance in a BYOD World
IT security is complicated enough. The widespread adoption of BYOD mobile devices and the overall consumerization of IT promise to complicate security efforts exponentially. Are companies up to the challenge?
According to a recent multinational survey commissioned by CUPP Computing and conducted by Decisive Analytics, many companies are not satisfied with the mobile security they have, particularly in the face of a changing security environment. Some have yet to implement a mobile security environment at all.
Among the study’s findings:
- In general, most larger companies reported having a mobile security solution in place, although they had concerns about shortcomings to those products.
- By contrast, more than a third of smaller companies (less than 100 employees) had no mobile computing security solution at all.
- Fully 68 percent of mobile security decision makers said better mobile security is needed to prevent or mitigate targeted attacks.
- Some 66 percent also feel the need to fulfill a compliance requirement – such as HIPAA, EU Data Protection, PCI – with mobile security.
- Among larger companies, compliance is a key driver to mobile security purchases. Smaller companies didn’t see this compliance need.
Among the security concerns expressed by IT professionals, 47 percent ranked Android devices as the top mobile security concern, followed by Windows phones (24 percent), then Apple and Blackberry devices.
In open comments, IT professionals cited cost of deployment and government intrusion as additional security concerns.
The survey indicates that IT managers are already aware that a full suite of features are necessary to protect against these novel attacks.
For example, when asked to rank a variety of mobile security features:
- 84 percent said enterprise-level products such as anti-malware, Web reputation, firewall IPS/IDS were critical.
- Some 80 percent also put data protection services such as mobile container, application wrapping and data loss prevention services on the critical list.
- 79 percent added baseline mobile compliance.
Interestingly, IT security managers acknowledged the importance of mobile security in cloud environments as well.
- 58 percent of decision makers said they want to ensure secure access to corporate data in the cloud
- 65 percent said want to secure valuable data on employees’ mobile devices
- 59 percent want to protect the device itself from damaging malware.
|Priority||Percent Rating "Very High" or "Urgent"|
Achieve and maintain regulatory
Prevent and/or mitigate targeted
Secure mobile access to corporate
applications in the cloud
Prevent corporate data loss
from mobile devices
Deploy mobile anti-malware
The perception that a mobile security problem exists only in the U.S. is also false. The survey included responses from five countries around the world (U.S., Japan, UK, France and Germany) and found an increase in concern over targeted attacks and data breaches worldwide. The only strong point of variance was in compliance: Japanese respondents generally did not express a need for mobile security compliance reporting.
Overall, with the widespread adoption of the BYOD philosophy, mobile devices are becoming an attractive target for intrusion and sophisticated attackers everywhere. Large companies and small businesses alike are looking for the next level of protection for their sensitive corporate and customer data, for their corporate reputations, and to ensure adequate regulatory compliance.
Companies are clearly interested in a hardware-based solution to protect data on site, in the cloud and on mobile devices themselves.