The Ponemon Institute has released the results of a global study into the risks presented by the use of mobile devices, which they define as including “laptops, USB drives, smartphones, and tablets.” Personally, I wish they had limited their study to the latter two.
Even so, this is an interesting report that is worth reading (registration required).
Here are their top findings:
“Fifty-nine percent of respondents report that employees circumvent or disengage security features such as passwords and key locks.”
“During the past 12 months, 51 percent of the organizations in this study experienced data loss resulting from employee use of insecure mobile devices, including laptops, smartphones, USB devices, and tablets.”
“Seventy-seven percent of respondents agree that the use of mobile devices in the workplace is important to achieving business objectives. A similar percentage (76 percent) believes that these tools put their organizations at risk. Only 39 percent have the necessary security controls to address the risk, and only 45 percent have enforceable policies.”
“Sixty-five percent of respondents are most concerned with employees taking photos or videos in the workplace — probably due to fears about the theft or exposure of confidential information. Other unacceptable uses include downloading and using internet apps (44 percent) and using personal email accounts (43 percent). Forty-two percent say that downloading confidential data onto devices (USB or Bluetooth) is not acceptable in their organizations.”
The report goes into each of these areas in more detail, and you can find reports that focus on results from respondents in your country with an internet search. For example, here are:
While this is interesting and useful, I see professionals missing the fact that more and more of the enterprise application world is moving to mobile devices. It’s not just the data that needs to be secured, but the application.
How do you provide effective application change management for your enterprise applications when they are on phones and tablets?
Do you have an answer?
For another perspective on mobile security, check out this report from Sybase (PDF).