Bekker's Blog

Blog archive

Study: BYOD Usage Widespread but Security Is a Question Mark

Bring your own device (BYOD) usage is widespread, popular with companies and users, and largely mysterious when it comes to security, according to a new survey of 800 security professionals worldwide.

Conducted by Crowd Research Partners within the Information Security Community on LinkedIn, the survey was sponsored by Bitglass, Blancco Technology Group, Check Point Software Technologies, Skycure, SnoopWall and Tenable Network Security.

Respondents were overwhelmingly permitting BYOD in their organizations. BYOD was available to all employees at 40 percent of the companies and select employees at 32 percent of the companies. In addition, some organizations were enabling BYOD for contractors (23 percent), partners (16 percent), customers (14 percent) and suppliers (9 percent).

Top reasons for allowing BYOD included carrots for both managers and employees, such as improved employee mobility (61 percent), greater employee satisfaction (56 percent), increased employee productivity (55 percent) and reduced cost (47 percent). The most commonly allowed app by far for BYOD was e-mail/calendar/contacts at 84 percent. The second most popular app was document access/editing at 45 percent, followed by access to SharePoint or company intranet, video conferencing and file sharing/synchronization.

The top obstacle to BYOD adoption was also a usual suspect; 39 percent of respondents cited security concerns.

Drilling into that question, Crowd Research Partners found substantial support for a laundry list of specific security concerns. The biggest concern is the logical worry about mobile devices, which by nature travel beyond the company's front door -- data leakage/loss. Seventy-two percent of respondents selected that concern. Other high-ranking concerns, in descending order, included unauthorized access to company data and systems, users download unsafe apps or content, malware, lost or stolen devices, vulnerability exploits, and inability to control endpoint security.

Despite the explosion of BYOD usage and concerns over its use, the survey's authors expressed surprise at finding mobile security budgets aren't going up across the board. Only 30 percent of respondents said their mobile security budget would increase over the next 12 months.

Based on the phrasing of the question and answers to some of the other questions, though, it's possible that mobile security issues are being addressed through other IT spending line items. For example, 35 percent reported that additional IT resources were needed in the past 12 months to manage mobile security and 27 percent reported increased helpdesk workloads. In another question, 33 percent said integration between mobile security solutions and existing security platforms was critical, suggesting that mobile security concerns might be addressed within general security budgets.

Perhaps most telling was how little respondents admitted they really knew about what was happening with their users' devices when it came to security incidents. Asked if any of their BYO or corporate-owned devices downloaded malware in the past, 35 percent answered "Not Sure." That "Not Sure" was also the most popular answer (48 percent) to a question about whether any of their BYO or corporate-owned devices connected to a malicious Wi-Fi network in the past. And 37 percent weren't sure if mobile devices had been involved in security breaches in their organization.

Organizations are, of course, trying to bring those mysteries and security holes under control with various methods, according to the survey. Risk control methods include password protection (63 percent), followed by remote wipe (49 percent) and device encryption (43 percent). The most common tool in use is mobile device management at 43 percent. Some of the other solutions, in descending order, include endpoint security tools, network access control, enterprise mobility management, mobile application management, configuration controls, and mobile threat defense and management.

Posted by Scott Bekker on March 30, 2016