Mobile // Mobile Devices
News
11/19/2010
12:26 PM
Connect Directly
RSS
E-Mail
50%
50%

CIOs See Smartphones As Data Breach Time Bomb

Nearly half of employees can use their personal devices to connect to enterprise networks despite security risks, finds Ovum study.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)

Eight out of 10 CIOs think that using smartphones in the workplace increases the business's vulnerability to attack, and rank data breaches as their top related security concern. Yet half of organizations fail to authenticate their employees' mobile devices, among other basic security measures.

Those finding come from a report released Wednesday conducted by market researcher Ovum together with the European Association for e-Identity and Security (EEMA).

The study found that the so-called consumerization of enterprise IT, meaning employees who bring ostensibly consumer devices to work, continues at full pace. According to the report, 48% of employees are allowed to use mobile devices that they own to connect to corporate systems. Meanwhile, 70% of employees can currently use corporate-owned computing devices for personal activities.

"Employees will want to use their devices, no matter who owns them, for both their work and personal lives," said Graham Titterington, a principal analyst at Ovum, in a statement. "It is unrealistic to delineate between these uses for employees who are mobile and working out of the office for a large part of their time."

Interestingly, 90% of organizations provide -- or will soon offer -- mobile devices to their employees. A majority said those devices would be BlackBerry smartphones, which mirrors the continuing market dominance of the BlackBerry platform -- with a 37% market share, ahead of Apple (24%) and Android (21%).

But mobile device security controls remain a weak point, with only half of organizations authenticating their mobile device users. Among those, about two-thirds rely on usernames and passwords, while 18% use public key infrastructure (PKI) certificates, and only 9% employ two-factor authentication with one-time passwords. Furthermore, only about 25% of organizations ensure that employees' mobile devices are running antivirus and anti-malware software.

"As this new study bears out, putting a smartphone security strategy in place is now a business imperative," said Roger Dean, director at EEMA, in a statement. "But how many organizations have the in-house expertise required to develop and implement a mobile strategy that fits seamlessly with their overall security profile?"

According to Titterington, "organizations must establish a holistic security strategy that addresses the consumerization of this fast-growing channel into corporate networks and data."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.