The Information Security Community on LinkedIn is 200K member strong; who better to ask about the state of BYOD and Security. This is the second "BYOD & Mobile Security Report" according to Holger Schulze, Group Founder.
What this report essentially shows, is that BYOD has not been solved, and, in many cases, is not yet even decided upon.
Stats on the topic vary according to source and respondents of course, with a range in the number—from 30% to 50% to a reported 70%—of companies that now allow BYOD. (Some are also mandating it.)
Distinguishing between allowing and enabling—as in supporting and policying—the numbers tend to be lower. And in fact, many solution providers report that when they start to engage with customers on BYOD and mobile security solutions, enterprises don't even realize how many personal devices are actually in their organizations.
According to the Information Security Community's report, only 21% of companies say that BYOD is fully implemented. With 40% reporting that company-owned devices are widely used, and 31% saying BYOD is under evaluation, this group of respondents is behind the generally cited numbers already mentioned.
This could be attributed to, in part, that the majority of these professionals come from regulated industries: approximately 12% in financial services; 8% in government; 5% in healthcare, pharma and biotech; 4% in education and 2% in energy and utilities.
What's surprising, however, is that nearly 20% of respondents note their industry as "software and internet"—companies that should be way out in front.
For those companies that do enable BYOD, 75% do so only for employees; 21% for contractors; 16% for partners; 14% for customers and 10% for suppliers.
Just Say No
A decent portion of the respondents will not be BYOD shops at all: 13% have not adopted BYOD and have no plans to; 3% will not permit BYOD; and 2% have tried and given up.
Platform trends came in at No. 4, and iOS tops the supported list at 76%, with smartphones being supported by 87%. But Android (69%) and Windows (66%) are not too far behind, and BlackBerry is at 40%. The high numbers for Windows and BlackBerry are also likely due to the respondents industries.
The report identified a total of 5 top trends. No. 1: the key drivers for BYOD are about improved employee mobility (57%); greater employee satisfaction (56%); and increased productivity (54%). BYOD, at first, was often viewed solely as a cost saver, and 36% here still report reduction in endpoint/hardware costs and 26% reduced operational support costs as key values of BYOD.
Nineteen percent cite reduced security risk as a benefit, but that is contrary to trend No. 2 where the biggest (67%) BYOD security concern is loss of company or client data and unauthorized access to company data and systems (57%). There are a host of other issues that are less than half, but more than one-quarter, consider concerns such as dangerous apps, malware, lost/stolen devices and compliance.
When asked "what negative impact did mobile security threats have on your organization?" The No. 3 trend was revealed—30% said the need for additional IT resources to manage security incidents. Only 15% actually reported data loss or theft.
Trend No. 5 shows that the most common risk control measures are password protection (67%), remote wiping of data (52%) and encryption (43%).
To that end, 43% utilize MDM, but 22% report that there are no tools in place to manage mobile devices.
When it comes to policy, the top three things covered are email, access and authentication and device wiping. A notable portion (44%) say they educate employees about acceptable usage.
About one-quarter do not have any mobile device policy.
The report concludes: "While we still have some ways to go toward broad BYOD adoption, organizations are somewhat better prepared for BYOD than a year ago. This year, 40% of respondents rank their readiness at 60% or higher compared to 34% last year."
With 58% of budgets forecasted to stay flat, will much more progress be made over the next year?