byod and mobile security report 2013
DESCRIPTION
Welcome to the 2013 BYOD & Mobile Security Report! Bring Your Own Device (BYOD) is a popular topic this year as more companies are adopting employee-owned mobile devices (or deciding against it for security and data control reasons). The 160,000 member Information Security Community on LinkedIn conducted the survey “BYOD & Mobile Security 2013” to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. The results are in - we received more than 1,600 responses and found interesting insights into BYOD adoption patterns and mobile security practices. We hope you will enjoy the report. Thanks to everyone who participated in the survey!TRANSCRIPT
Sponsored by
| Symantec | KPMG | Zimbani | MailGuard |
2013 survey results
BYOD & MOBILE SECURITY
InformationSecurity
Group Partner
BYOD & MOBILE SECURITY | read the 2013 survey results 1
Welcome to the 2013 BYOD & Mobile Security Report!
Bring Your Own Device (BYOD) is a popular topic this year as more companies are adopting employee-owned mobile devices (or deciding against it for security and data control reasons).
The 160,000 member Information Security Community on LinkedIn conducted the survey “BYOD & Mobile Security 2013” to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend.
The results are in - we received more than 1,600 responses and found interesting insights into BYOD adoption patterns and mobile security practices. We hope you will enjoy the report.
Thanks to everyone who participated in the survey!
Group Owner, Information Security [email protected] | +1 302-383-5817
Holger Schulze
INTRODUCTION
Share the Report
BYOD & MOBILE SECURITY | read the 2013 survey results
The number one benefit of BYOD is greater employee satisfaction and productivity.
A majority of companies are concerned about loss of and unauthorized access to data.
Encryption is the most used risk control measure for mobile devices.
The biggest impact of mobile security threats is the need for additional IT resources to manage them.
The most popular mobile business applications are email, calendar and contact management. The most popular mobile platform for BYOD is iOS/Apple.
2
Top-5 Trends in BYOD & Mobile Security
1
2
3
4
5
SURVEY HIGHLIGHTS
BYOD & MOBILE SECURITY | read the 2013 survey results 3
The top-3 drivers for BYOD are all about keeping employees happy and productive: greater employee satisfaction (55 percent), improved employee mobility (54 percent) and increased employee productivity (51 percent).
Greater employee satisfaction
Improved employee mobility
Increased employee productivity
Reduced device/endpointhardware costs
Reduced operationalsupport costs
Other
What are the main drivers and expected benefits of BYOD for your company?
0% 20% 40% 60%
WHAT ARE THE MAIN DRIVERSand benefits of BYOD for your company?Q1
BYOD & MOBILE SECURITY | read the 2013 survey results 4
While a slim majority of organizations support company-owned devices,
BYOD is clearly on everyone’s radar.
Company-owned devicesare widely used
Privately-owned devicesare in very limited use
Privately-owned devices are widely in use,but not supported by the organization
Privately-owned devices are widely inuse and supported through a BYOD policy
BYOD is under evaluation
Which of the following describes your organization’s overall policy towardsprivately-owned and company-owned mobile devices for business use?
There are currently no plans to use privatedevices within the next 12 months
We plan to allow private deviceswithin the next 12 months
Other
0% 10% 20% 30% 40%
WHICH IS YOURorganization’s BYOD policy?Q2
BYOD & MOBILE SECURITY | read the 2013 survey results 5
BYOD causes significant security concerns: Loss of company or client data (75 percent), unauthorized access to company data & systems (65 percent) and fear of malware infections (47 percent) top the list.
Loss of company or client data
Malware infections
Lost or stolen devices
Device management
Unauthorized access to companydata and systems
What are your main security concerns related to BYOD?
Compliance with industry regulations
Support & maintenance
Other
0% 20% 40% 60% 80%
None
WHAT ARE YOUR MAIN SECURITYconcerns related to BYOD?Q3
BYOD & MOBILE SECURITY | read the 2013 survey results 6
The biggest impact of mobile security threats is the need for
additional IT resources
to manage them (33 percent).
And 28 percent of respondents
report no negative impact from
mobile threats in the past 12
months.
Additional IT resources needed tomanage mobile security
Corporate data loss or theft
Cost of cleaning up malware infections
Increased helpdesk timeto repair damage
None
What negative impact did mobile threats have on your company in the past 12 months?
Don’t know
Disrupted business activities
Reduced employee productivity
0% 5% 10% 15% 20% 25% 30% 35%
The company had to pay regulatory fines
Other
Increased cost due to devices subscribedto premium pay-for-services
WHAT NEGATIVE IMpACT DIDmobile threats have on your company?Q4
BYOD & MOBILE SECURITY | read the 2013 survey results 7
The most popular mobile platform for BYOD is
iOS/Apple (72 percent).
Which mobile platforms does your company support?
iOS / Apple
Android / Google
RIM / Blackberry
Windows / Microsoft
None
All other responses
0% 10% 20% 30% 40% 50% 60% 70% 80%
WHICH MObILE pLATfORMSdoes your company support?Q5
BYOD & MOBILE SECURITY | read the 2013 survey results 8
Central management of mobiledevices and applications
None
Employee training
Detailed BYOD policies
Other
Which company policies and procedures do youhave in place for mobile devices?
0% 10% 20% 30% 40%
WHICH COMpANY pOLICIES DOyou have in place for mobile devices?Q6
Central management of mobile devices and applications (39 percent) tops the list of BYOD policies and procedures currently in place. 32 percent of organizations say they do not have any policies or procedures in place.
BYOD & MOBILE SECURITY | read the 2013 survey results 9
Mandatory use of encryption
(40 percent) is the most used risk control measure for mobile devices.34 percent of organizations say they have no risk control measures in place.
Mandatory use of encryption
None
Endpoint Integrity Checking
Auditing of mobile devices
Attack and penetration testingof mobile applications
Which risk control measures are in place for mobile devices?
0% 10% 20% 30% 40%
Other
WHICH RISk CONTROL MEASURESare in place for mobile devices?Q7
BYOD & MOBILE SECURITY | read the 2013 survey results 10
85 percent of organizations
have most of their intellectual
property and sensitive data
stored in the datacenter/network.
Where is most of your intellectual property and sensitive data stored?
Datacenter / Network
Device / Endpoint
Cloud
Other
0% 20% 40% 60% 80% 100%
WHERE IS MOST Of YOUR INTELLECTUALproperty and sensitive data stored?Q8
BYOD & MOBILE SECURITY | read the 2013 survey results 11
77 percent of organizations are
most concerned about protecting
business and employee data.
Business and employee data(in databases, apps, etc)
Documents
Emails
Contacts
What type of intellectual property and sensitive data are you most concerned about?
Images
Text messages
Voice conversations
0% 20% 40% 60% 80%
Other
WHAT TYpE Of INTELLECTUAL pROpERTY& sensitive data are you most concerned about?Q9
BYOD & MOBILE SECURITY | read the 2013 survey results 12
Mobile device managementtools (MDM) are most frequently used by
40 percent of organizations to
monitor and govern mobile devices.
22 percent of organizations say
they have no tools to monitor
and govern mobile devices.
Mobile Devices Management(MDM) Tools
Endpoint Security Tools
Network Access Controls (NAC)
Endpoint Malware Protections
Which tools are used to monitor and govern the handling of mobile devices?
None
Configuration Controls /Lifecycle Management
Other
0% 10% 20% 30% 40%
WHICH TOOLS ARE USED TO MONITORand govern the handling of mobile devices?Q10
BYOD & MOBILE SECURITY | read the 2013 survey results 13
45 percent of organizations
embed personal mobile
devices via
guest networking and separate networks.
How are current mobile devices embedded in your organization’s IT-infrastructure?
0% 10% 20% 30% 40% 50%
Guest networking / separate networks for personal mobile devices
Incident management procedures are employed / amended
An application repository exists for mobile devices
Other
None
HOW ARE CURRENT MObILE DEVICESembedded in your organization’s IT-infrastructure?Q11
BYOD & MOBILE SECURITY | read the 2013 survey results 14
32 percent of organizations
are considering or implementing
on-premise BYOD solutions.
In order to meet your BYOD objectives and deploy relevant technologies, have you considered or already implemented one of the following?
0% 5% 10% 15% 20% 25% 30% 35%
On premise solutions
None
Cloud (SaaS) solutions
Other
Hybrid of cloud and on-premise solutions
HOW ARE YOU DEpLOYING BYOD solutions?Q12
BYOD & MOBILE SECURITY | read the 2013 survey results 15
The most important success
criterion of BYOD deployments is
maintaining security
for 70 percent of organizations.
Employee productivity ranks
second with 54 percent.
Security
Employee productivity
Usability
Device management
What are your most important success criteria for BYOD deployments?
Cost reduction
Innovation
Technology consolidation
0% 20% 40% 60% 80%
Other
WHAT ARE YOUR MOST IMpORTANTsuccess criteria for BYOD deployments?Q13
BYOD & MOBILE SECURITY | read the 2013 survey results 16
Email accounts (49 percent),
access and authentication
(47 percent), and acceptable
usage & employee education
(42 percent) are the
top-3 mobile device policy topicsfor organizations.
Email accounts
Which topics are covered by your company's Mobile Device Policy?
Access and authenticationAcceptable usage
/ employee educationDevice wiping
Stored data
Malware protection
Configuration
Applications
Guest networking
Location tracking
SMS
Other
We don’t have a mobiledevice policy
0% 10% 20% 30% 40% 50%
WHICH TOpICS ARE COVERED bYyour company’s Mobile Device Policy?Q14
BYOD & MOBILE SECURITY | read the 2013 survey results 17
Logging, monitoring and reporting
are the most required features
(69 percent) of mobile device
management tools (MDM).
Logging, monitoring and reporting
In your opinion, which capabilities are required forMobile Device Management (MDM) tools?
Centralized functionality
Malware protection
Ease of deployment
Configuration controls
Endpoint Integrity Checking
Role-based access rulesFlexible configuration to support
different requirements and parametersHarmonization across mobile
platform typesIntegration with other Endpoint
Management SystemsOther
0% 20% 40% 60% 80%
WHICH CApAbILITIES ARE REQUIREDfor Mobile Device Management (MDM) tools?Q15
BYOD & MOBILE SECURITY | read the 2013 survey results 18
60 percent of
organizations have not yet adopted BYOD,but are considering it. Only
10 percent of non-adopters are
ruling it out. 24 percent are
actively working on policies,
procedures and infrastructure
for BYOD.
Not yet adopted, but considering
Working on the policies, procedures andinfrastructure to enable BYOD
Currently evaluating the cost/ benefits of BYOD adoption
BYOD already fully implemented
Which stage of BYOD adoption has been reached in your company?
Considering BYOD adoption within a year
Not yet adopted, and no plans
BYOD will not be permitted
0% 10% 20% 30% 40% 50% 60% 70%
Other
WHICH STAGE Of bYOD ADOpTIONhas been reached in your company?Q16
BYOD & MOBILE SECURITY | read the 2013 survey results 19
A majority of organizations
say they are
less than 50 percent ready to adopt BYOD
for their enterprise.
How would you rate your readiness for full enterprise BYOD adoption(in percent | 100 is completely ready)?
0 10 20 30 40 50 60 70 80 90 1000%
2%
4%
6%
8%
10%
12%
14%
Readiness in %
Responses in %
HOW WOULD YOU RATE YOUR READINESSfor full enterprise BYOD adoption?Q17
BYOD & MOBILE SECURITY | read the 2013 survey results 20
41 percent of all organizations
create mobile apps for employees
- 40 percent do not. 18 percent
plan to do so in the future.
Does your organization create / use mobile apps for businesspurposes by employees?
0% 10% 20% 30% 40% 50%
Yes
No
Planned in the future
Other
DOES YOUR ORGANIzATION CREATE / USEmobile apps for business purposes by employees?Q18
BYOD & MOBILE SECURITY | read the 2013 survey results 21
43 percent of organizations
create mobile apps for customers
- 40 percent do not. 17 percent
plan to do so in the future.
Does your organization create / use mobile apps for business purposes by customers?
0% 10% 20% 30% 40% 50%
Yes
No
Planned in the future
Other
DOES YOUR ORGANIzATION CREATE / USEmobile apps for business purposes by customers?Q19
BYOD & MOBILE SECURITY | read the 2013 survey results 22
The most popular mobile
business applications are
email, calendar and contact management
(85 percent).
Email/Calendar/Contacts
Document access / editing
Access to Sharepoint / Intranet
Access to company-built applications
What do you think are the most popular business applicationsused on BYOD devices?
File sharing
Access to SaaS apps such as Salesforce
Virtual Desktop
0% 20% 40% 60% 80% 100%
Video conferencing
Cloud Backup
Other
WHAT ARE THE MOST pOpULARbusiness applications used on BYOD devices?Q20
BYOD & MOBILE SECURITY | read the 2013 survey results 23
This survey was conducted in April 2013. We collected 1,650 responses from information security professionals across the world – here is a detailed breakdown of the demographics.
Software & Internet
What industry is your company in?
0% 5% 10% 15% 20%
Computers & ElectronicsFinancial ServicesBusiness Services
GovernmentTelecommunications
EducationManufacturing
Healthcare, Pharmaceuticals, & BiotechEnergy & Utilities
RetailNon-profit
Media & EntertainmentTransportation & Storage
Consumer ServicesAgriculture & Mining
Real Estate & ConstructionTravel, Recreation & Leisure
Wholesale & DistributionOther
Owner/CEO/President
Director
C-Level (CTO, CIO,CMO, CFO, COO)
VP Level
Other
What is your career level?
0% 5% 10% 15% 20% 25% 30% 35%
Manager
Specialist
What is the size of your company (number of employees)?
32.6% | 10-99
25.3% | Fewer than 10
22.0% | 100-999
11.4% | 1,000-10,000
8.6% | 10,000+
Operations
Engineering
Product Management
Marketing
Other
What department do you work in?
0% 20% 40% 60%
Sales
IT
Legal
Finance
HR
SURVEY METHODOLOGY
BYOD & MOBILE SECURITY | read the 2013 survey results 24
We would like to thank our sponsors for supporting the BYOD & Mobile Security Report.
Lumension | www.lumension.comLumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide. Lumension: IT Secured. Success Optimized.™
Symantec | www.symantec.comSymantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world.
KPMG | www.kpmg.comKPMG delivers a globally consistent set of multidisciplinary services based on deep industry knowledge. Our industry focus helps KPMG professionals develop a rich understanding of clients’ businesses and the insight, skills, and resources required to address industry-specific issues and opportunities..
MailGuard | www.mailguard.com.auThe MailGuard Group was founded in 2001 to address the growing online security concerns of business. Recognising that organisations needed a simple and inexpensive way to manage unwanted email and web content, we pioneered a range of cloud security solutions to provide complete protection against online threats. Today, we’ve built upon our reputation as a technological innovator to become a trusted name in enterprise cloud security.
Zimbani | www.zimbani.com.au Zimbani is an innovative technology consulting firm with a special focus on information security, mobility and cloud. We help businesses acquire a competitive edge by incorporating the latest technology that can improve their current performance as well as prepare them for future challenges. Our extensive experience in the industry has helped us deliver capabilities that can ultimately optimise the service and products offered by our customers. Our aim is to provide businesses with highly cost effective, trustworthy, productive and innovative solutions that will add value to your business. With our help our clients have been able to deliver secure, efficient and adaptive services with ease.
SpONSORS
BYOD & MOBILE SECURITY | read the 2013 survey results 25
About the Information Security Community
Over 160,000+ members make the Information Security Community on Linkedin is the word’s largest community of infosec professionals. We are building a network of infosec professionals that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, managing, deploying, using ... or learning about information security solutions an concepts - this group is for you.
Join the INFORMATIONSECURITYCOMMUNITY
on LinkedIn
InformationSecurity
Group Partner
Many thanks to everybody who participated in this survey.
If you are interested in co-sponsoring upcoming surveys, or creating your own survey report, please contact Holger Schulze at [email protected].
THANk YOU
BYOD & MOBILE SECURITY | read the 2013 survey results 26
Holger Schulze is a B2B technology marketing
executive delivering demand, brand awareness,
and revenue growth for high-tech companies.
A prolific blogger and online community builder,
Holger manages the B2B Technology Marketing
Community on LinkedIn with over 42,000
members and writes about B2B marketing trends
in his blog Everything Technology Marketing.
Our goal is to inform and educate B2B marketers
about new trends, share marketing ideas and
best practices, and make it easier for you to find
the information you care about to do your jobs
successfully.
Holger SchulzeB2B Marketer
Follow Holger on Twitterhttp://twitter.com/holgerschulze
Subscribe to Holger’sTechnology Marketing Bloghttp://everythingtechnologymarketing.blogspot.com
AbOUT THE AUTHOR