The effects of the bring your own device trend are deterring some companies from implementing formal policies to...
address it head-on, according to a new survey from Broomfield, Colo.-based security firm Webroot Inc.
One of the biggest concerns IT professionals will have with their user base is lost devices.
senior threat analyst, Webroot Inc.
According to the Webroot Business Mobile Security report, 56.5% of mobile security decision makers with bring your own device (BYOD) implemented at their companies said managing the security of employees' devices is challenging. Webroot gathered the results through an online survey of 725 endpoint and mobile security decision makers from companies in the U.S., U.K. and Australia that responded.
The mixture of laptops, mobile phones and tablet devices with multiple platforms and multiple product versions in the market have created pressure on CISOs and IT security teams to find ways to secure them, said Armando Orozco, senior threat analyst at Webroot. The survey found that 62% of companies with company-owned or employee-owned mobile devices reported significant increases in demand for help desk support to repair, replace or manage the security of the smartphones and tablets in the company.
The complicated BYOD challenges may be deterring some companies from installing any plan at all. Fifty-six percent of those surveyed indicated that they are very or extremely concerned about mobile threats but have no plans to implement a policy. Regulatory compliance also is not motivating firms to take action: Thirty-one percent are worried about compliance with industry regulations but have no plans for mobile security.
In addition, 31.6% said the cost savings and productivity gains from allowing employees to use their personal mobile devices at work outweighs the security risks.
"One of the biggest concerns IT professionals will have with their user base is lost devices," Orozco said. That concern is well established. In the survey, participants identified lost or stolen devices as the most common problem; 43.5% of decision makers said their companies experienced this issue in the past year.
Mobile security decision makers at companies that have implemented security controls had stronger concerns about mobile threats. Mobile malware infections are a chief issue because of fears over loss of company or customer data and compliance with industry regulations.
The effects of mobile threats on companies were also high. In the past year, 60.2% of companies required additional IT resources to manage mobile security. Fifty-five percent said employee productivity decreased due to threats.
These numbers included companies with and without mobile security. When the groups were separated, companies with no mobile security reported higher numbers, but not by much. Sixty-three percent of those without mobile security needed additional IT resources to manage security, compared to 57.5% of those with mobile security.
Overall, endpoint security is still more highly valued than mobile security, with 79.6% of companies rating endpoint security as a high priority and 48.9% saying mobile security is a high priority.