Research: The lowdown on mobile security
Published: 25 Oct 2007 13:48 BST
Implementation of a policy on the use of mobile devices is not universal. Although almost two-thirds of the companies researched had such a policy in place, this left a third that did not. However, while the lack of a policy was quite commonplace among the smallest of organisations, availability increased steadily with increasing size of enterprise.
Encouragingly, where such a policy does exist, it is almost universally communicated to employees. Approaching four-fifths of enterprises notified all users of the policy in writing, and most of the rest discussed it with their staff.
- The enforcement of a mobile-security policy is also a matter of some importance, but 12 percent of organisations with a policy in place claimed to have no means of ensuring it was complied with. Of those that did, the majority depended on management supervision of their staff, and most of the rest on monitoring and analysis tools. Monitoring and analysis tools were more widely applied in the larger organisations.
- Use of personal mobile devices in the workplace is widespread. Although more than a third of all respondents stated that only company-owned devices were allowed, nearly 60 percent said that personal devices or personal and company devices were permitted by their employer.
- When questioned about the type of mobile-security threat, data and information security was of greatest concern to our respondents, followed closely by security of the company network and, finally, security of the mobile devices themselves. However, all types of security threat were taken seriously, with more than 85 percent of respondents considering each type of threat be important.
- Although the physical loss of devices is considered the least important of the three main types of threat, the loss of information when a device containing company-sensitive data or emails is lost or stolen is of great concern. This was rated the most important specific threat of all those considered. Next in importance was the possibility of unauthorised access by third parties to company-sensitive communications or data. This was followed by the loss or theft of mobile devices providing access to data on the company network.
- The two most important security measures identified were firewall and antivirus/anti-spam software. These are widely applied by more than two-thirds of all respondent organisations, with only modest growth in deployment anticipated in the near future.
- Half of all respondents reported the use of WLAN encryption and data encryption on their VPN, and data replication/backup was similarly applied. Each of these exhibited moderate growth, with around eight percent of all organisations planning to newly adopt these security measures over the next two years.
- All too often, authentication is by single factor alone, although two-factor authentication is rapidly increasing in popularity, with twice the number of current user enterprises anticipating deployment in two years' time.
- Strong growth is also anticipated for compliance control, remote wiping and remote monitoring, albeit from a smaller current-user base.
Previous
- Mobile security: Flexibility vs control
- The realities of mobile security
- Research: The lowdown on mobile security
- The dangers of taking consumer tech to work
- Keeping tabs on mobile security
- Top tips for improving mobile security
- BT launches secure mail services
- Symantec to acquire data-security company
- Gphone vs iPhone: The security debate
Did you find this article useful?
3 out of 3 people found this useful
- Share this article:
