Mobile Security Trends in the Workplace June 2014
Table of Contents
Abstract
Key Findings
Mobile Security is a Top Priority for 2014
Organizations still navigating BYOD
Mobile security solutions don't get the big picture: It's about the data
Beyond the device: Focus on the apps
Apple or Android
Times are changing: Security vs. Privacy
Conclusion
Abstract
According to the TomiAhonen Almanac 2014, there are currently 7.1 Billion mobile subscriptions worldwide. With 7.1 Billion people on the planet, this means that the mobile subscription rate is at, or very, very near, 100 percent. Furthermore, because babies do not yet have mobile phone subscriptions (we don't think!), this means that some people have two or more accounts apiece. For further context, if you took every PC (laptops, netbooks, tablets) and added them together, you'd arrive at 1.5 Billion. This means that there are nearly five times as many phones out there as PCs.
BYOD and BYOA, both in concept and practice, have been around for a while. By 2016, the number of smartphones is expected to surpass the number of people on the planet. Whether IT knows it or not, these devices are being used in the workplace. According to Gartner, 80 percent of all user access to the enterprise will be via mobile devices by 2020. Furthermore, according to a global survey of CIOs by Gartner, Inc.'s Executive Programs, 38 percent of companies expect to stop providing devices to workers by 2016.
With this in mind, in February 2014, Bluebox surveyed more than 100 IT Professionals and Employees to better understand the role BYOD currently plays. Our findings and analysis of the landscape are included below.
Key Findings
Mobile Security is a Top Priority for 2014
Of the IT Professionals surveyed, 64 percent ranked mobile security as a top concern for 2014, with 36 percent reporting that mobile security is not a top 3 priority.
[Chart: In 2014, Mobile Security is... My Top Priority 12%; A Top 3 Priority 52%; Less than a Top 3 Priority 36%]
Organizations still navigating BYOD
BYOD has undoubtedly infiltrated the enterprise; however, the survey showed that organizations are still navigating the BYOD waters. While the IT Professionals surveyed reported that mobile security was a top concern, fewer than half (40 percent) reported having a policy in place. Alarmingly, but perhaps not surprisingly, a large number of their employees (33 percent) were not aware whether or not their organization had a BYOD policy in place. Meanwhile, an overwhelming majority of employees reported using their smartphones (90 percent) and personal tablets (35 percent) at work. Furthermore, 40 percent use two or more devices at work.
Of those that had some knowledge of their organization's BYOD policy, a large number (40 percent) complain about their policy, with as many as six percent admitting to blatant disregard for known security policies. Since BYOD security partially depends on employee compliance, the disconnect between enterprise policies and employee knowledge and compliance creates unwanted opportunities for unintended mobile data leakage.
Mobile security solutions don't get the big picture: It's about the data
More than half of respondents (56 percent) listed securing mobile data as the most important success criterion for mobile security, yet only 13 percent felt that their current mobile security solution was effective in doing so. Additionally, while nearly 41 percent of respondents reported reducing data loss as an important criterion, only 13 percent felt that their current solutions were effectively doing so.
[Chart: Importance to Mobile Security Success vs. Effectiveness of Current Mobile Security Solution]
Beyond the device: Focus on the apps
While the entrance of personal devices in the workplace raises concerns over the security of corporate data, the apps used to modify and move this data on these devices compound that concern. Interestingly, while 30.5 percent of IT Professionals believe that none of their employees are using unapproved apps, and only 17 percent believe that the majority or all of their employees are engaging in this behavior, the majority of employees (71 percent) are using anywhere from one to five apps to access or modify corporate data on their device. Unfortunately, without insight into which apps employees are actually using, IT really has no way of knowing what to secure, or how.
[Chart: Use of Unauthorized Apps. Series: IT's Perspective, Employee's Actual. Categories: Zero, 5 or fewer, 6-10, 10+, unsure]
Apple or Android
While iOS devices (62 percent) have a slight lead over Android devices (53 percent) in the workplace, the combination of smartphones and tablets has created a fairly even playing field. This means that IT needs to be able to secure both types of devices in today's BYOD mobile landscape.
[Chart: iOS, Android, Blackberry]
Times are changing: Security vs. Privacy
When asked how they thought about security and employee issues now versus five years ago, there was a clear shift. Today, there is a much greater balance between mitigating risk and addressing employee concerns and privacy. Five years ago, 30 percent of IT professionals would have said "it's all about risk mitigation. I don't factor in employee concerns." Today, only 17 percent take that stance.
However, the majority of IT professionals surveyed were overall unconcerned with employee privacy, with only 35 percent putting employees' needs on par with security concerns and 17 percent not factoring employees' needs into the equation at all.
[Chart: Security vs Privacy. Security policy accommodates employee productivity 13%; Don't factor employee concerns 17%; Employee concerns equal to risk 22%; Employee concerns secondary 48%]
Employees, however, voiced the polar opposite. Their top concerns: Device wipes removing personal data (82 percent), Invasion of Privacy (76 percent) and Restricted App Access (20 percent). While IT and employees align on concerns over data loss, their concerns and priorities are otherwise at odds. While technology solutions are part of the mobile security success equation, employee compliance and participation will continue to be a key component. Thus, enterprises that take employee concerns into account are likely to achieve better compliance than those that disregard their needs.
[Chart: Employee Concerns. App Restrictions 4%; Non-native UX 2%; Reimbursement 5%; Privacy 54%; Device Wipes 35%]
Conclusion
Organizations are beginning to see the value of BYOD policies; however, there is still a sizeable gap between IT's perception and actual employee use of personal devices and unapproved apps for work. There is also a significant disconnect between employee privacy concerns and IT's consideration of these concerns when it comes to developing policies. This can be traced back to IT's lack of insight into how employees are using their devices and apps. Without visibility, it's hard to have control, or to properly secure corporate data. The result is employees who, in a quest for increased productivity, use the devices and apps they want, working outside the bounds of IT and putting corporate data at risk.
To remediate this, IT should continuously audit employee device and app usage for work and create and tune mobile policies accordingly. Once aligned, employees will gain the tools needed to work most efficiently, while IT keeps corporate data secure.
The results of this survey further underscore the need for IT to listen to the concerns of the end user. By ignoring or downplaying employee concerns over privacy, IT is all but ensuring that these users will continue to operate outside the bounds of IT and further put corporate data at risk, the very thing IT is most concerned about.