​New Study Looks at Mobility Risks

Comments Views

​The Ponemon Institute has released the results of a global study into the risks presented by the use of mobile devices, which they define as including “laptops, USB drives, smartphones, and tablets.” Personally, I wish they had limited their study to the latter two.

Even so, this is an interesting report that is worth reading (registration required).

Here are their top findings:

  • “Fifty-nine percent of respondents report that employees circumvent or disengage security features such as passwords and key locks.”

  • “During the past 12 months, 51 percent of the organizations in this study experienced data loss resulting from employee use of insecure mobile devices, including laptops, smartphones, USB devices, and tablets.”

  • “Seventy-seven percent of respondents agree that the use of mobile devices in the workplace is important to achieving business objectives. A similar percentage (76 percent) believes that these tools put their organizations at risk. Only 39 percent have the necessary security controls to address the risk, and only 45 percent have enforceable policies.”

  • “Sixty-five percent of respondents are most concerned with employees taking photos or videos in the workplace — probably due to fears about the theft or exposure of confidential information. Other unacceptable uses include downloading and using internet apps (44 percent) and using personal email accounts (43 percent). Forty-two percent say that downloading confidential data onto devices (USB or Bluetooth) is not acceptable in their organizations.”

The report goes into each of these areas in more detail, and you can find reports that focus on results from respondents in your country with an internet search. For example, here are:

While this is interesting and useful, I see professionals missing the fact that more and more of the enterprise application world is moving to mobile devices. It’s not just the data that needs to be secured, but the application.

How do you provide effective application change management for your enterprise applications when they are on phones and tablets?

Do you have an answer?

For another perspective on mobile security, check out this report from Sybase (PDF).

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
    • CIA-September-2021-Blog-2
    • Your-Voices-September-2021-Blog-3