Mobile Security Trends in the Workplace June 2014

2

Table of Contents 2  Abstract ............................................................................. 3  Key Findings ....................................................................... 4  

Mobile Security is a Top Priority for 2014 .................................................................................... 4  Organizations still navigating BYOD ............................................................................................ 5  Mobile security solutions don’t get the big picture: It’s about the data ........................................ 6  Beyond the device: Focus on the apps ....................................................................................... 7  Apple or Android ........................................................................................................................ 8  Times are changing: Security vs. Privacy .................................................................................... 8  

Conclusion ....................................................................... 10  

3

Abstract According to the TomiAhonen Almanac 2014, there are currently 7.1 Billion mobile subscriptions worldwide. With 7.1 Billion people on the planet, this means that the mobile subscription rate is at, or very very near, 100 percent. Furthermore because babies do not yet have mobile phone subscriptions (we don’t think!) this means that some people have two or more accounts apiece.

For further context, if you took every PC – laptops, netbooks, tablets – and added them together you’d arrive at 1.5 Billion. This means that there are nearly five times as many phones out there as PCs.

BYOD and BYOA, both in concept and practice, have been around for a while. By 2016, the number of smartphones is expected to surpass the number of people on the planet. Whether IT knows it or not, these devices are being used in the workplace. According to Gartner, 80 percent of all user access to the enterprise will be via mobile devices by 2020. Furthermore, according to a global survey of CIOs by Gartner, Inc.'s Executive Programs, 38 percent of companies expect to stop providing devices to workers by 2016.

With this in mind, in February 2014, Bluebox surveyed more than 100 IT Professionals and Employees to better understand the role BYOD currently plays. Our findings and analysis of the landscape are included below.

4

Key Findings

Mobile Security is a Top Priority for 2014

Of the IT Professionals surveyed 64 percent ranked mobile security as a top concern for 2014 with 36 percent reporting that mobile security is not a top 3 priority.

My Top Priority 12%

A Top 3 Priority 52%

Less than a Top 3 Priority

36%

In 2014, Mobile Security is

5

Organizations still navigating BYOD

BYOD has undoubtedly infiltrated the enterprise; however the survey showed that organizations are still navigating the BYOD waters. While the IT Professionals surveyed reported that mobile security was a top concern, fewer than half (40 percent) reported having a policy in place. Alarmingly, but perhaps not surprisingly, a large number of their employees (33 percent) were not aware whether or not their organization had a BYOD policy in place.

Meanwhile, an overwhelming majority of employees reported using their smartphones (90 percent) and personal tablets (35 percent) at work. Furthermore, 40 percent use two or more devices at work.

Of those that had some knowledge of their organization’s BYOD policy, a large number (40 percent) complain about their policy, with as many as six percent admitting to blatant disregard for known security policies.

Since BYOD security partially depends on employee compliance, the disconnect between the enterprise policies and employee knowledge and compliance creates unwanted opportunities for unintended mobile data leakage.

6

Mobile security solutions don’t get the big picture: It’s about the data

More than half of respondents (56 percent) listed “securing mobile data” as the most important success criterion for mobile security, yet only 13 percent felt that their current mobile security solution was effective in doing so. Additionally, while nearly 41 percent of respondents reported, “reducing data loss” as an important criterion, only 13 percent felt that their current solutions were effectively doing so.

0  

10  

20  

30  

40  

50  

60  

Importance to Mobile Security Success

Effectiveess of Curent Mobile Security Solution

7

Beyond the device: Focus on the apps

While the entrance of personal devices in the workplace raises concerns over the security of corporate data, the apps used to modify and move this data on these devices compounds that concern.

Interestingly, while 30.5 percent of IT Professionals believe that none of their employees are using unapproved apps, and only 17 percent believie that the majority or all of their employees are engaging in this behavior, the majority of employees (71 percent) are using anywhere from one to five apps to access or modify corporate data on their device.

Unfortunately, without insight into which apps employees are actually using, IT really has no way of knowing what to secure, or how.

0  

10  

20  

30  

40  

50  

60  

70  

80  

Zero 5 or fewer 6-10 10+ unsure

Use of Unauthorized Apps

IT's Perspective

Employee's Actual

8

Apple or Android

While iOS devices (62 percent) have a slight lead over Android devices (53 percent) in the workplace, the combination of smartphones and tablets have created a fairly even playing field. This means that IT needs to be able to secure both types of devices in today’s BYOD mobile landscape.

Times are changing: Security vs. Privacy

When asked how they thought about security and employee issues now versus five years ago there was a clear shift. Today, there is a much greater balance between mitigating risk and addressing employee concerns and privacy. Five years ago 30 percent of IT professionals would have said “it’s all about risk mitigation. I don’t factor in employee concerns.” Today, only 17 percent take that stance.

0%  

10%  

20%  

30%  

40%  

50%  

60%  

70%  

iOS

Android

Blackberry

9

However, the majority of IT professionals surveyed were overall unconcerned with employee privacy, with only 35 percent putting employees needs on par with security concerns and 17 percent not factoring employees’ needs into the equation at all.

Employees, however, voiced the polar opposite. Their top concerns: Device wipes removing personal data (82 percent), Invasion of Privacy (76 percent) and Restricted App Access (20 percent).

While IT and employees align on concerns over data loss, their concerns and priorities are otherwise at odds. While technology solutions are part of the mobile security success equation, employee compliance and participation will continue to be a key component. Thus, enterprises that take employee concerns into account are likely to achieve better compliance than those that disregard their needs.

Don't factor eomployee concerns

17%

Employee concerns secondary

48%

Employee concerns equal to

risk 22%

Security policy accommodates

employee productivity

13%

Security vs Privacy

10

Conclusion Organizations are beginning to see the value of BYOD policies; however there is still a sizeable gap in IT’s perception, and actual employee use, of personal device and unapproved apps for work. There is also a significant disconnect between employee privacy concerns on, and IT’s consideration of, these concerns when it comes to developing policies. This can be traced back to IT’s lack of insight into how employees are using their devices and apps.

Without visibility, it’s hard to have control, or to properly secure corporate data. The result is employees who, in a quest for increased productivity, use the devices and apps they want, working outside the bounds of IT and putting corporate data at risk.

To remediate this, IT should continuously audit employee device and app usage for work and create and tune mobile policies accordingly. Once aligned, employees will gain the tools needed to work most efficiently, while IT keeps corporate data secure.

Privacy 54%

Device Wipes 35%

App Restrictions 4%

Non-native UX 2%

Reimbursement 5%

Employee Concerns

11

The results of this survey further underscore the need for IT to listen to the concerns of the end user. By ignoring or downplaying employee concerns over privacy, IT is all but ensuring that these users will continue to operate outside the bounds of IT and further put corporate data at risk – the very thing IT is most concerned about.