BYOD & MOBILE SECURITY

2013 surve y results BYOD & MOBILE SECURITY Group Partner Information Security Sponsored by Symantec KPMG Zimbani MailGuard

INTRODUCTION Welcome to the 2013 BYOD & Mobile Security Report! Bring Your Own Device (BYOD) is a popular topic this year as more companies are adopting employee-owned mobile devices (or deciding against it for security and data control reasons). The 160,000 member Information Security Community on LinkedIn conducted the survey BYOD & Mobile Security 2013 to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. Share the Report The results are in - we received more than 1,600 responses and found interesting insights into BYOD adoption patterns and mobile security practices. We hope you will enjoy the report. Thanks to everyone who participated in the survey! Holger Schulze Group Owner, Information Security Community hhschulze@gmail.com +1 302-383-5817 BYOD & MOBILE SECURITY Read the 2013 survey results 1

SURVEY HIGHLIGHTS Top-5 Trends in BYOD & Mobile Security 1 2 3 The number one benefit of BYOD is greater employee satisfaction and productivity. A majority of companies are concerned about loss of and unauthorized access to data. Encryption is the most used risk control measure for mobile devices. 4 The biggest impact of mobile security threats is the need for additional IT resources to manage them. 5 The most popular mobile business applications are email, calendar and contact management. The most popular mobile platform for BYOD is ios/apple. BYOD & MOBILE SECURITY Read the 2013 survey results 2

Q1 WHAT ARE THE MAIN DRIVERS and benefits of BYOD for your company? The top-3 drivers for BYOD are all about keeping employees happy and productive: greater employee satisfaction (55 percent), improved employee mobility (54 percent) and increased employee productivity (51 percent). What are the main drivers and expected benefits of BYOD for your company? Greater employee satisfaction Improved employee mobility Increased employee productivity Reduced device/endpoint hardware costs Reduced operational support costs 0% 20% 40% 60% BYOD & MOBILE SECURITY Read the 2013 survey results 3

Q2 Which is your organization s BYOD policy? While a slim majority of organizations support company-owned devices, BYOD is clearly on everyone s radar. Which of the following describes your organization s overall policy towards privately-owned and company-owned mobile devices for business use? Company-owned devices are widely used BYOD is under evaluation Privately-owned devices are in very limited use Privately-owned devices are widely in use, but not supported by the organization Privately-owned devices are widely in use and supported through a BYOD policy There are currently no plans to use private devices within the next 12 months We plan to allow private devices within the next 12 months 0% 10% 20% 30% 40% BYOD & MOBILE SECURITY Read the 2013 survey results 4

Q3 concerns related to BYOD? What are your main security BYOD causes significant security concerns: Loss of company or client data (75 percent), unauthorized access to company data & systems (65 percent) and fear of malware infections (47 percent) top the list. What are your main security concerns related to BYOD? Loss of company or client data Unauthorized access to company data and systems Malware infections Lost or stolen devices Device management Compliance with industry regulations Support & maintenance None 0% 20% 40% 60% 80% BYOD & MOBILE SECURITY Read the 2013 survey results 5

Q4 What negative impact did mobile threats have on your company? The biggest impact of mobile security threats is the need for additional IT resources to manage them (33 percent). And 28 percent of respondents report no negative impact from mobile threats in the past 12 months. What negative impact did mobile threats have on your company in the past 12 months? Additional IT resources needed to manage mobile security Corporate data loss or theft Cost of cleaning up malware infections Increased helpdesk time to repair damage Don t know Disrupted business activities Reduced employee productivity Increased cost due to devices subscribed to premium pay-for-services The company had to pay regulatory fines None 0% 5% 10% 15% 20% 25% 30% 35% BYOD & MOBILE SECURITY Read the 2013 survey results 6

Q5 does your company support? Which mobile platforms The most popular mobile platform for BYOD is ios/apple (72 percent). Which mobile platforms does your company support? ios / Apple Android / Google RIM / Blackberry Windows / Microsoft None All other responses 0% 10% 20% 30% 40% 50% 60% 70% 80% BYOD & MOBILE SECURITY Read the 2013 survey results 7

Q6 Which company policies DO you have in place for mobile devices? Central management of mobile devices and applications (39 percent) tops the list of BYOD policies and procedures currently in place. 32 percent of organizations say they do not have any policies or procedures in place. Central management of mobile devices and applications Which company policies and procedures do you have in place for mobile devices? Employee training Detailed BYOD policies None 0% 10% 20% 30% 40% BYOD & MOBILE SECURITY Read the 2013 survey results 8

Q7 are in place for mobile devices? Which risk control measures Mandatory use of encryption (40 percent) is the most used risk control measure for mobile devices. 34 percent of organizations say they have no risk control measures in place. Which risk control measures are in place for mobile devices? Mandatory use of encryption Endpoint Integrity Checking Auditing of mobile devices Attack and penetration testing of mobile applications None 0% 10% 20% 30% 40% BYOD & MOBILE SECURITY Read the 2013 survey results 9

Q8 property and sensitive data stored? Where is most of your intellectual 85 percent of organizations have most of their intellectual property and sensitive data stored in the datacenter/network. Where is most of your intellectual property and sensitive data stored? Datacenter / Network Device / Endpoint Cloud 0% 20% 40% 60% 80% 100% BYOD & MOBILE SECURITY Read the 2013 survey results 10

What type of intellectual property Q9& sensitive data are you most concerned about? 77 percent of organizations are most concerned about protecting business and employee data. What type of intellectual property and sensitive data are you most concerned about? Business and employee data (in databases, apps, etc) Documents Emails Contacts Images Text messages Voice conversations 0% 20% 40% 60% 80% BYOD & MOBILE SECURITY Read the 2013 survey results 11

Q10 Which tools are used to monitor and govern the handling of mobile devices? Mobile device management tools (MDM) are most frequently used by 40 percent of organizations to monitor and govern mobile devices. 22 percent of organizations say they have no tools to monitor and govern mobile devices. Which tools are used to monitor and govern the handling of mobile devices? Mobile Devices Management (MDM) Tools Endpoint Security Tools Network Access Controls (NAC) Endpoint Malware Protections Configuration Controls /Lifecycle Management None 0% 10% 20% 30% 40% BYOD & MOBILE SECURITY Read the 2013 survey results 12

Q11 How are current mobile devices embedded in your organization s IT-infrastructure? 45 percent of organizations embed personal mobile devices via guest networking and separate networks. How are current mobile devices embedded in your organization s IT-infrastructure? Guest networking / separate networks for personal mobile devices None Incident management procedures are employed / amended An application repository exists for mobile devices 0% 10% 20% 30% 40% 50% BYOD & MOBILE SECURITY Read the 2013 survey results 13

Q12 BYOD solutions? How are you deploying 32 percent of organizations are considering or implementing on-premise BYOD solutions. In order to meet your BYOD objectives and deploy relevant technologies, have you considered or already implemented one of the following? On premise solutions Hybrid of cloud and on-premise solutions None Cloud (SaaS) solutions 0% 5% 10% 15% 20% 25% 30% 35% BYOD & MOBILE SECURITY Read the 2013 survey results 14

Q13 success criteria for BYOD deployments? What are your most important The most important success criterion of BYOD deployments is maintaining security for 70 percent of organizations. Employee productivity ranks second with 54 percent. What are your most important success criteria for BYOD deployments? Security Employee productivity Usability Device management Cost reduction Innovation Technology consolidation 0% 20% 40% 60% 80% BYOD & MOBILE SECURITY Read the 2013 survey results 15

Q14 Which topics are covered BY your company s Mobile Device Policy? Email accounts (49 percent), access and authentication (47 percent), and acceptable usage & employee education (42 percent) are the top-3 mobile device policy topics for organizations. Which topics are covered by your company's Mobile Device Policy? Email accounts Access and authentication Acceptable usage / employee education Device wiping Stored data Malware protection Configuration Applications We don t have a mobile device policy Guest networking Location tracking SMS 0% 10% 20% 30% 40% 50% BYOD & MOBILE SECURITY Read the 2013 survey results 16

Q15 which capabilities ARE REQUIRED for Mobile Device Management (MDM) tools? Logging, monitoring and reporting are the most required features (69 percent) of mobile device management tools (MDM). Logging, monitoring and reporting Centralized functionality Malware protection Ease of deployment Configuration controls Endpoint Integrity Checking Role-based access rules Flexible configuration to support different requirements and parameters Harmonization across mobile platform types Integration with other Endpoint Management Systems In your opinion, which capabilities are required for Mobile Device Management (MDM) tools? 0% 20% 40% 60% 80% BYOD & MOBILE SECURITY Read the 2013 survey results 17

Q16 has been reached in your company? Which stage of BYOD adoption 60 percent of organizations have not yet adopted BYOD, but are considering it. Only 10 percent of non-adopters are ruling it out. 24 percent are actively working on policies, procedures and infrastructure for BYOD. Which stage of BYOD adoption has been reached in your company? Not yet adopted, but considering Working on the policies, procedures and infrastructure to enable BYOD Currently evaluating the cost / benefits of BYOD adoption BYOD already fully implemented Considering BYOD adoption within a year Not yet adopted, and no plans BYOD will not be permitted 0% 10% 20% 30% 40% 50% 60% 70% BYOD & MOBILE SECURITY Read the 2013 survey results 18

Q17 for full enterprise BYOD adoption? How would you rate your readiness A majority of organizations say they are less than 50 percent ready to adopt BYOD for their enterprise. How would you rate your readiness for full enterprise BYOD adoption (in percent 100 is completely ready)? Responses in % 14% 12% 10% 8% 6% 4% 2% 0% 0 10 20 30 40 50 60 70 80 90 100 Readiness in % BYOD & MOBILE SECURITY Read the 2013 survey results 19

Q18 Does your organization create / use mobile apps for business purposes by employees? 41 percent of all organizations create mobile apps for employees - 40 percent do not. 18 percent plan to do so in the future. Does your organization create / use mobile apps for business purposes by employees? Yes No Planned in the future 0% 10% 20% 30% 40% 50% BYOD & MOBILE SECURITY Read the 2013 survey results 20

Q19 Does your organization create / use mobile apps for business purposes by customers? 43 percent of organizations create mobile apps for customers - 40 percent do not. 17 percent plan to do so in the future. Does your organization create / use mobile apps for business purposes by customers? Yes No Planned in the future 0% 10% 20% 30% 40% 50% BYOD & MOBILE SECURITY Read the 2013 survey results 21

What are the most POPULAR Q20business applications used on BYOD devices? The most popular mobile business applications are email, calendar and contact management (85 percent). What do you think are the most popular business applications used on BYOD devices? Email/Calendar/Contacts Document access / editing Access to Sharepoint / Intranet Access to company-built applications File sharing Access to SaaS apps such as Salesforce Virtual Desktop Video conferencing Cloud Backup 0% 20% 40% 60% 80% 100% BYOD & MOBILE SECURITY Read the 2013 survey results 22

SURVEY METHODOLOGY This survey was conducted in April 2013. We collected 1,650 responses from information security professionals across the world here is a detailed breakdown of the demographics. What industry is your company in? Software & Internet Computers & Electronics Financial Services Business Services Government Telecommunications Education Manufacturing Healthcare, Pharmaceuticals, & Biotech Energy & Utilities Retail Non-profit Media & Entertainment Transportation & Storage Consumer Services Agriculture & Mining Real Estate & Construction Travel, Recreation & Leisure Wholesale & Distribution 0% 5% 10% 15% 20% What department do you work in? IT Sales Operations Engineering Product Management Marketing Legal Finance HR 0% 20% 40% 60% What is your career level? What is the size of your company (number of employees)? Specialist Manager Owner/CEO/President Director C-Level (CTO, CIO, CMO, CFO, COO) VP Level 25.3% Fewer than 10 32.6% 10-99 22.0% 100-999 11.4% 1,000-10,000 8.6% 10,000+ 0% 5% 10% 15% 20% 25% 30% 35% BYOD & MOBILE SECURITY Read the 2013 survey results 23

SPONSORS We would like to thank our sponsors for supporting the BYOD & Mobile Security Report. Lumension www.lumension.com Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide. Lumension: IT Secured. Success Optimized. Symantec www.symantec.com Symantec protects the world s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world. KPMG www.kpmg.com KPMG delivers a globally consistent set of multidisciplinary services based on deep industry knowledge. Our industry focus helps KPMG professionals develop a rich understanding of clients businesses and the insight, skills, and resources required to address industry-specific issues and opportunities.. Zimbani www.zimbani.com.au Zimbani is an innovative technology consulting firm with a special focus on information security, mobility and cloud. We help businesses acquire a competitive edge by incorporating the latest technology that can improve their current performance as well as prepare them for future challenges. Our extensive experience in the industry has helped us deliver capabilities that can ultimately optimise the service and products offered by our customers. Our aim is to provide businesses with highly cost effective, trustworthy, productive and innovative solutions that will add value to your business. With our help our clients have been able to deliver secure, efficient and adaptive services with ease. MailGuard www.mailguard.com.au The MailGuard Group was founded in 2001 to address the growing online security concerns of business. Recognising that organisations needed a simple and inexpensive way to manage unwanted email and web content, we pioneered a range of cloud security solutions to provide complete protection against online threats. Today, we ve built upon our reputation as a technological innovator to become a trusted name in enterprise cloud security. BYOD & MOBILE SECURITY Read the 2013 survey results 24

THANK YOU Many thanks to everybody who participated in this survey. If you are interested in co-sponsoring upcoming surveys, or creating your own survey report, please contact Holger Schulze at hhschulze@gmail.com. Group Partner Information Security About the Information Security Community Over 160,000+ members make the Information Security Community on Linkedin is the word s largest community of infosec professionals. We are building a network of infosec professionals that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, managing, deploying, using... or learning about information security solutions an concepts - this group is for you. Join the INFORMATION SECURITY Community on LinkedIn BYOD & MOBILE SECURITY Read the 2013 survey results 25

ABOUT THE AUTHOR Holger Schulze is a B2B technology marketing executive delivering demand, brand awareness, and revenue growth for high-tech companies. A prolific blogger and online community builder, Holger manages the B2B Technology Marketing Community on LinkedIn with over 42,000 members and writes about B2B marketing trends in his blog Everything Technology Marketing. Email hhschulze@gmail.com Holger Schulze B2B Marketer Our goal is to inform and educate B2B marketers about new trends, share marketing ideas and best practices, and make it easier for you to find the information you care about to do your jobs successfully. Follow Holger on Twitter http://twitter.com/holgerschulze Subscribe to Holger s Technology Marketing Blog http://everythingtechnologymarketing.blogspot.com BYOD & MOBILE SECURITY Read the 2013 survey results 26