May 03, 2012
Mobile Security a Work in Progress
Adaptability is fundamentally at odds with the requirements of an enterprise security plan. However, our InformationWeek 2012 Mobile Security Survey shows an alarming number of organizations making "adjustments" to their security policies in key areas based on the capabilities of the mobile devices they allow. Fully 86% of respondents permit use of personally owned devices now or are moving that way. With all that BYOD going on, you'd think IT would be laying down some firm ground rules, especially given that 84% of respondents identify lost or stolen devices as a key mobile security concern. At minimum, encryption of company data seems like a no-brainer.
However, most--69%--are waffling. Some vary policies on encrypting corporate data based on device type, ownership or approved use, while others insist on hardware encryption only if supported by the device.
If that seems backward, it's because, frankly, it is. CIOs should not be making such risky concessions in the rush to accommodate a cornucopia of mobile devices. It's easy to let a desire to respond to calls for choice trump the requirement to safeguard corporate information. And, in the absence of a highly publicized security incident tied to a poorly protected smartphone or tablet, IT will likely not get the management support (or budget) to address these issues adequately.
Just hope that when that particular bomb does drop--and it will--it doesn't have your name on it. (R4720512)
Survey Name InformationWeek 2012 Mobile Security Survey
Survey Date March 2012
Region North America
Number of Respondents 322
Purpose To examine mobile security technology trends and strategies.