Trend Micro Consumerization

Similar documents
Building a Comprehensive Mobile Security Strategy

Consumerization Survey Report The Consumerization of IT

In-flight broadband takes off in Europe - why airlines can no longer afford to wait. Change is in the Air. AVIATION > Connectivity > Research

How To Get Rid Of Byo

IT Executive and CEO Survey

The Convergence of IT Operations

Insights: Data Protection and the Cloud Europe

Web 2.0 in the Workplace Today

F5 Cloud / Virtualisation Research. October 2010

A number of factors contribute to the diminished regard for security:

Mitigating Bring Your Own Device (BYOD) Risk for Organisations

Enterprise Mobility: The Impact of Changing Employee Behaviour

Enhancing your collaboration platform for the evolving project workforce

trends and audit considerations

Why Your Employer Brand Matters

Survey findings. Executive Summary. Subject: BYOD

Results, 1st Quarter Patient Engagement. HIMSS Analytics ehealth TRENDBAROMETER Q1/2016

Whitepaper. How to Implement a Strong BYOD Policy. BYOD on the Rise - But with Challenges

EUROPE ERICSSON MOBILITY REPORT

BYOD Strategy - Advantages and Disadvantages

Social Media Study in European Police Forces: First Results on Usage and Acceptance

BYOD and IT Service Management: what is the likely impact?

White paper. Selecting and Implementing Secure

Endpoint protection for physical and virtual desktops

Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices. Your Device Here.

Kaspersky Lab PR Survey 2013 Report Netherlands_V1.0. TNS Infratest

How social technologies drive business success EUROPEAN SURVEY RESULTS 15 TH MAY 2012

How Technology Executives are Managing the Shift to BYOD

Law Firms in Transition: Marketing, Business Development and the Quest for Growth

The Shape of . Research Report. June

BUYER S GUIDE. The Unified Communications Buyer s Guide: Four Steps to Prepare for the Modern, Mobile Workforce

The Use of Social Media by Electronics Design Engineers

Improving business performance: Taking the pain out of document management

Table of Contents. Application Vulnerability Trends Report Introduction. 99% of Tested Applications Have Vulnerabilities

How To Protect Your Employees From Being Hacked By A Corporate Firewall

CHALLENGES FACING HR IN 2015

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

METHODOLOGY THANKS TO CONNECTED DEVICES LIKE TABLETS AND SMARTPHONES, THE WAY PEOPLE SHOP IS CHANGING DRAMATICALLY.

Balancing business needs with user expectations to deliver. The New Mobile Experience

The State of Work-Life Balance in Hong Kong Survey

SOCIAL NETWORKING POLICY

The Challenges Posed by BYOD.

Mobility in Business Report

IT Organizations Embrace Bring-Your-Own Devices

A 4- Letter Acronym Sending CIOs Running Scared - BYOD

How To Use Social Media For A Job

Branding the Government As An Employer of Choice

Mobile Security Challenge Emerges Smart IT Leaders Evaluating Pervasive Security Options

KEY FINDINGS. 2 New trends in global shopping habits. Smartphones are increasingly important during all stages of the consumer journey

The Bring Your Own Device Era:

Commissioned Study. SURVEY: Mobile Threats are Real and Costly

A number of factors contribute to the diminished regard for security:

Emerging threats for the healthcare industry: The BYOD. By Luca Sambucci

The changing role of the IT department in a cloud-based world. Vodafone Power to you

Internal Communication

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Survey Results. Presented to ERPtips and JDEtips Jan 20, 2010

The Australian ONLINE CONSUMER LANDSCAPE

BRING YOUR OWN DEVICE

Raise your game go CLouD

Business Attitudes Toward Cybersecurity 2014

Privileged user management

The Path Forward. International Women s Day 2012 Global Research Results

Customer Testimonial V

Adults media use and attitudes. Report 2016

VMware Cloud Adoption Study

NAVIGATE THE UNCHARTERED WATERS OF BYOD WITH A SECURE POLICY

The Career Paradox for UK Women. An in-depth study across industry sectors exploring career support, the working environment and the talent pipeline.

PwC s 5th Annual Digital IQ Survey

Global Survey: What s creating tension between IT and business leaders? April 2014

PensionsEurope position paper on personal pension products

Maintaining Information Security while Allowing Personal Hand-Held Devices in the Enterprise

ENTERPRISE BYOD BEST PRACTICES POLICY AND SECURITY BEST PRACTICES FOR A SOUND ENTERPRISE MOBILITY PROGRAM

CIBECS / IDG Connect DATA LOSS SURVEY. The latest statistics and trends around user data protection for business.

Vodafone Global Enterprise Deploy the Apple iphone across your Enterprise with confidence

Fluoride and Dental Health in Europe

July Management Practice & Productivity: Why they matter

Feature BYOD - MOBILITY GOES VIRAL

Security Awareness Research 5 November 2010

The Business Impact of the Cloud. According to 460 Senior Financial Decision-Makers

When Desktops Go Virtual

W H I T E P A P E R E m b r a c i n g C o n s u m e r i z a t i o n w i t h C o n f i d e n c e

BOYD- Empowering Users, Not Weakening Security

State of Mobile Commerce.

WHITE PAPER. Mobile HR Solutions: Connecting & Empowering Your Workforce

The great debate: Corporate vs. personal liability for smartphones and tablet devices in the workplace

Business Benefits of Volunteering

Don t Let A Security Breach Put You Out of Business

Workplace of the Future: a global market research report

The Smart Shopper Snapshot. September 2015

INSIGHTS CUPP COMPUTING MOBILE SECURITY MULTINATIONAL DECISIONMAKERS STUDY 2015

Enterprise Mobility & BYOD: Four Biggest Challenges And How to Solve Them WHITE PAPER

UK Commission s Employer Perspectives Survey Executive Summary 64 December 2012

WHITE PAPER. Be Active about Passives! Why Corporations need to rethink how they recruit for executive and strategic roles

BYOD IN EDUCATION Miller 1

EOH Cloud Mobile Device Management. EOH Cloud Services - EOH Cloud Mobile Device Management

Enterprise on the Go. How enterprises can leverage mobile apps

Endpoint protection for physical and virtual desktops

DEVELOPMENTS FOR OUR EMPLOYEES

Transcription:

Trend Micro Consumerization Research Findings Free range devices: The cause and effect of consumerization in the workplace A Trend Micro Executive Summary January 2012

Executive Summary Mobile device use in the workplace has experienced explosive growth over recent years. Whether it s smartphones, laptops or tablets, wireless network-connected devices have changed the way we access, generate and share corporate information. In parallel to this, consumer mobile computing technology has become more advanced and accessible. This in turn has led to the emergence of a phenomenon commonly known as consumerization; the trend towards consumer technology moving from the home into the enterprise. This global research project involving 2,245 office workers from across Europe aims to identify what is driving this consumerization of workplace technology, what its impact is, and who is responsible for ensuring employees, devices and data remain secure. These times of rapid technological change within organisations are putting immense pressure on technology professionals to manage and retain control of the data entering and leaving their organisations. Businesses that can accomplish this while continuing to realise the benefits that consumerization can bring will be best positioned for success. This report explores in more depth what the root of these challenges is and what organisations can do to overcome them. Key Findings The research identifies a series of key trends and challenges related to consumerization impacting on the enterprise: While employers are perceived to expect a rise in productivity as the primary advantage of consumerization (48%), employees value the capability to work remotely (55%), convenience (47%) and the ability to combine work and personal device use () Mobile devices that have the potential to put company data at risk are rife in the workplace (70%), however security policies and procedures have yet to catch up where policies are in place, they are often ignored by staff (25%) Data security on personal devices a major corporate risk is being dealt with on a maintenance level, rather than a strategic level (70%) The security risks of some applications are currently underestimated, while others are overestimated Belgium Denmark 4% 3% UK 22% Respondent breakdown: Methodology France 22% Sweden 4% Norway 2% Netherlands 4% The research was conducted via an online survey of 2,245 respondents (UK: 500, Denmark: 70, Belgium: 100, Sweden: 80, Norway: 50, Ireland: 45, Netherlands: 100, Italy: 300, France: 500, Germany: 500). All respondents were office workers in companies of 500 or more. The sample was 50% male / 50% female. The survey Germany 22% Ireland 2% Italy 13% was conducted in October 2011 and managed by Loudhouse, an independent research consultancy based in London. 1 Executive Summary The cause and effect of consumerization in the workplace

Personal devices in the workplace: here to stay With nearly half of those questioned (47%) stating that their employer allows staff to use personal devices for work, it is clear that consumerization in the workplace has truly arrived. However this shift in technology use within the workplace is largely happening outside of IT departments roadmaps, with 39% of respondents agreeing that the growth of employees using their personal devices for work related activities is rapid and unplanned. Of those taking their personal devices into the workplace, laptops (76%), mobiles (non-smartphone) (61%) and smartphones (57%) are the most commonly used devices, followed by netbooks (32%) and tablets (). The trend towards these personal devices that can store and transport data are common across all markets. When asked about the perceived benefits of giving employees the freedom to bring their own devices into the workplace (fig 1), an increase in productivity (48%) and IT department capital cost savings () came out on top. While these perceived benefits are consistent across all markets, there are slight regional variations, with Ireland and Norway leaning towards productivity being the primary benefit (68% and 57% respectively) and Italy and Germany (49% and 50%) citing cost savings as the main advantage. This is compared to just 18% of those questioned claiming there are perceived benefits in terms of retention of younger generation employees, and 23% perceiving benefits due to enhanced social media enablement. Both much-hyped potential benefits to organisations embracing consumerization that appear to not be playing out in reality. In fact contrary to popular belief that organisations are rolling out bring your own device policies with a view to hiring and retaining the cream of Generation Y s talent, it seems those decisions are currently being made on a much more cost-centric basis; making current staff more productive and cutting departmental expenditure. The data shows a very clear void between the motivations of employers and employees in pursuing the consumerization of their workplace. Whereas employers perceive benefits of workplace consumerization to be an increase in productivity (in terms of reducing distractions from office tasks), the employees themselves gravitate towards the practicalities of bringing their own devices into the workplace. Flexibility in work location (55%), convenience (47%) and the ability to use the same device at home and in the office () are cited as the primary perceived benefits. Of all those surveyed, data loss, security, privacy and blurring of boundaries between work and personal lives are the most feared, with 22% of those questioned believing that an ever-growing amount of their organisation s intellectual property is lost on smartphones (fig2). 59% of respondents perceived the risk of loss or theft of corporate data to be their primary concern, followed by personal privacy issues () and the mingling of personal and corporate data (38%). Interestingly, only 14% 2 Executive Summary The cause and effect of consumerization in the workplace

of those surveyed claim to have no concerns about the use of personal devices in the workplace - a figure that is constant across all markets, bar the Netherlands where it rises to 36%. Fig 1: The perceived benefits of consumerization Fig 2: The biggest concerns surrounding consumerization: Productivity enablement 48% Risk of data loss/theft 59% Business IT capital cost savings Using personal devices will create security issues Employees privacy on personal devices 57% Executives want it 31% Mingling of personal data and corporate data 38% Workplace trend 27% Employees don t understand security and privacy risks 37% Social collaboration enablement Retention of younger generation of employees Fashion Other 2% 9% 18% 23% Compliance / legal implications The company will have difficulty in managing multiple devices, operating systems, network providers, etc. Lack of device and application standardization people using different devices and programs Level of access and connectivity allowed for personal devices some employees having less access than others Employees don t have enough knowledge about mobile devices 16% 35% 27% 23% No opinion 12% Other I have no concerns 1% 14% Q6. Why, in your opinion, does your company allow employees to use their personal devices(s) for work-related activities? Base: All (1060), Denmark (33)*, Belgium (43)*, Sweden (28)*, Norway (21)*, Ireland (19)*, Netherlands (67), Italy (178), France (261), Germany (179), UK (231) Q19. What are your concerns, if any, about employees using their personal devices for work purposes? Base: All (2245), Denmark (70), Belgium (100), Sweden (80), Norway (50), Ireland (45)*, Netherlands (100), Italy (300), France (500), Germany (500), UK (500) Un-checked access to corporate networks is rife One of the biggest challenges facing those responsible for IT within the enterprise is managing what data is entering or leaving their organisation. With 70% of those surveyed reporting that their organisation allows employees to access company networks via personal devices, that is no mean feat. In companies that allow personal device use, on average 29% of devices accessing corporate resources are employee-owned, a large pool of personal devices for which there often is not adequate policy supervision or practical support. Employees themselves are aware of the risks, with 63% stating that they trust company-owned devices more than personal devices. This trust in company devices is likely to come from more stable operating systems and/or the better support and continuity that comes from large numbers of employees having the same device. The perception of risk around employee-owned devices is a concern, especially when the high degree of access these devices have to corporate information is considered. Clearly, employees perceive a potential problem. Despite widespread concern about the use of personal devices in the workplace, organisations are still allowing access to a range of information on the network via non-corporate devices (fig 3). While a majority of organisations will allow access to email (83%), contact information (64%), calendars (63%) and intranets (54%), some are enabling un-regulated access to very sensitive company data, even financial information (11%) and corporate strategy and planning documents (11%). In fact, 68% of 3 Executive Summary The cause and effect of consumerization in the workplace

respondents believe that any information stored on a corporate device is vulnerable. Overall, the perception of risk is not the problem employees know that information on both personal and work devices is vulnerable, but lack support in limiting that risk. Awareness of what can be done to avoid security risks is low (fig 4). While file and folder encryption (44%) and network access controls (43%) scored higher on awareness than most, familiarity with most security tools is generally limited. When asked what security techniques their organisation has in place to protect company-owned devices, basic security software is by far the most common strategy named (60%), followed by the ability to lock-down devices remotely () and remote monitoring (28%). One quarter (24%) of those questioned do not know what security measures their employer has in place to protect corporate mobile devices. When questioned about what measures are in place to protect personal devices in the workplace, the number of respondents unaware of the security measures in place rose to. Employees and companies are not translating their general understandings of risk into concrete measures to manage that risk. Without long-term strategic policy to guide them, or the appropriate staff to assist them, employees are taking unnecessary risks with corporate data and networks, even when they can see the potential for problems. Fig 3: What data is being accessed Fig 4: Familiarity with security tools Email 83% File and Folder Encryption 44% Contacts 64% (Wireless) Network Access Control 43% Calendars 63% Mobile Security 38% Intranet Web Databases Custom applications Customer Relationship Management (CRM) Financial data Corporate strategies/planning 11% 11% 17% 32% 54% Mobile Device Management Data Loss Prevention (DLP) Virtual Desktop Intrastructure Communication and Collaboration Security (Mobile) Application Control Server Virtualization Whole Disk Encryption 36% 36% 36% 31% Other 1% PC Life Cycle Management (PCLCM) 29% Don t know 6% Virtualisation Security 26% Q9. What corporate applications or databases can employees access from their personal devices? Base: All (1060), Denmark (33)*, Belgium (43)*, Sweden (28)*, Norway (21)*, Ireland (19)*, Netherlands (67), Italy (178), France (261), Germany (179), UK (231) Q1. How familiar are you with the following technologies? Base: All (2245), Denmark (70), Belgium (100), Sweden (80), Norway (50), Ireland (45)*, Netherlands (100), Italy (300), France (500), Germany (500), UK (500) Where does responsibility for mobile devices at work lay? There appears to be a significant level of ambiguity when it comes to who is responsible for managing the security of personal mobile devices in use at work. When questioned about who is responsible for the management of corporate devices that are able to access corporate networks within their 4 Executive Summary The cause and effect of consumerization in the workplace

organisation, respondents generally believe it is the IT help desk (43%). Due to its stringent data security standards, Germany is the one big exception to this rule with nearly one third (28%) of respondents claiming their organisation has a dedicated mobile security team to handle such challenges. 42% agree or strongly agree with the statement IT needs to enable/empower employees in using their devices. Worryingly however, 70% of those questioned state that their employer does not offer IT support to cover personal devices in use in their organisation, leaving these businesses open to serious and un-checked risk (fig 5). Interestingly however, one third (32%) of participants believe their company shouldn t offer security support to employee-owned mobile devices. 41% of respondents believe the IT department s role is shifting from a commander/controller to an advisor in support of employees bringing their own devices to work. This suggests that the IT department is beginning to evolve as consumerization is becoming more prevalent within organisations. Fig 5: Help desk support for personal devices Yes, we offer full support Yes, but we only offer limited support No, we do not offer any support All 35% 35% Italy 44% 29% 28% Germany 34% 31% 35% Norway Belgium 28% 23% 49% Denmark 27% 42% Ireland 26% 53% 21% Netherlands 25% 34% UK 25% 44% 31% France 25% 34% 42% Sweden 7% 25% 68% Q4. To the best of your knowledge, does your company offer IT support to employees who use their personal devices in the workplace? Base: All (1060), Denmark (33)*, Belgium (43)*, Sweden (28)*, Norway (21)*, Ireland (19)*, Netherlands (67), Italy (178), France (261), Germany (179), UK (231) Are security policy and compliance working? Surprisingly, 28% of companies have no policies for personal devices at work currently in place or in their planned security roadmap. Even in organisations that do offer help-desk support to cover personal as well as corporate devices, personal device policy is patchy and often doesn t cover the 5 Executive Summary The cause and effect of consumerization in the workplace

full range of devices and locations. Just 54% have policies in place to cover personal devices accessing corporate networks from home and 53% cover personal devices being brought into the office, leaving serious holes in corporate security. (fig 6) Looking beyond device use to broader security policies (fig 7), collaboration and social network tools (52%) are regulated at a similar level to mobile devices (49%). Companies are therefore spending as much energy on efforts to reduce the distraction from apps and tools as they are on devices that have the potential to compromise company security. Giving equal focus to areas that pose disproportionate risks suggests a lack of clear thinking about where a genuine threat resides. A further concern with regards to the parity of focus between social and mobile is the level of access allowed to financial data (32%) and corporate documents (70%) ( whilst only 20% allow access to social networks). Not only is there greater risk from mobile access (due to the possibility of misuse), it is also a more likely route to sensitive company data (which is rarely posted to relatively public social networks.) For social network usage policies, the global figure (52%) falls to just 39% in Germany and rises to 68% in the UK, indicative of the stark cultural differences in the sharing of information and the perceived risks of doing so. Of those businesses that do have personal device policies in place, 25% of those questioned believe that employees within their organisations do not adhere to that policy. Fig 6: Device policies in place Policies for using employee's own laptop/notebook remotely (e.g. at home) 54% Policies for using employee's own laptop/notebook in the office 53% Policies for using employee's own Smartphone in the office 49% Policies for using employee's own tablet computer remotely (e.g. at home) Policies for using employee's own tablet computer in the office 38% Other 19% Q17. Which of the following policies related to use of employees personal devices does your company currently have? Which are you actively considering? Base: All (2245), Denmark (70), Belgium (100), Sweden (80), Norway (50), Ireland (45)*, Netherlands (100), Italy (300), France (500), Germany (500), UK (500) 6 Executive Summary The cause and effect of consumerization in the workplace

Fig 7: What existing policies cover We have policies about usage of Internal collaboration and social networking tools 52% We apply the same policy for using company-owned devices in the office vs. remotely (e.g. at home) 49% We have policies about usage of external collaboration and social networking tools (e.g. Facebook and LinkedIn) 49% We enforce mobile device policy when the device is not used for work-related activities 43% We apply the same policy for using employee's personal devices in the office vs. remotely (e.g. at home) Our employees use private communication channels and social networks to interact on work-related topics Q18. For each of the following statements, please state whether this is true or false at your organisation. Base: All (2245), Denmark (70), Belgium (100), Sweden (80), Norway (50), Ireland (45)*, Netherlands (100), Italy (300), France (500), Germany (500), UK (500) Conclusions It is clear there is a high degree of ambiguity when it comes to what is permitted within organisations, resulting in patchy mobile device policies, lack of adherence, and misplaced priorities. Not only is there a high degree of demand for employers to facilitate the use of personal devices in the workplace, it is already happening whether the organisation has put provisions for it in place or not. While this organic trend towards consumerization of the workplace is having some perceived benefits, the fact it has occurred so rapidly, unmonitored and without adequate security procedures in place means organisations are currently leaving themselves open to a severe degree of risk. This is especially the case in organisations where policy on personal device use is set at the help-desk level, where staff are generally focused on maintenance rather than strategic planning. With these findings in mind, it is recommended that in order to effectively manage the inevitable rise of consumerization within their organisation, those responsible for managing IT must adopt a threepronged approach to security; know the risks, work proactively and think strategically. Only when the risks are known can they be effectively managed. IT departments must take the reins here, counting and monitoring personal devices, particularly riskier ones, in use in the workplace or accessing corporate networks remotely. Emphasis must be placed on creating and implementing policies covering applications that create risk rather than those that are mere distractions. With mobile device use common throughout all business departments, organisation-wide buy-in is required 7 Executive Summary The cause and effect of consumerization in the workplace

to ensure any policies are effective. Bring the HR department into the process to help disseminate information about the benefits and risks. Technology is evolving at a pace never previously experienced within the enterprise. As such, IT departments must work continually and proactively. A write now, review in five years approach to policy development and enforcement can simply no longer suffice. Develop and implement an integrated strategy to proactively address potential problems to take advantage of the development of comsumerization. It s also vital to ensure the integrated strategy must include mobile, static and personal devices. Mobile device security can no longer be managed as a help-desk issue. With such vast volumes of corporate data now accessible via company-owned and personal devices, it has become a strategic issue. Management needs to recognise that data risks have evolved as such and move policy decisions to a strategic level within IT and the wider organisation. Those responsible for managing IT must seek to understand employee motivations for personal device use in the workplace and for possible abuse before either happens on a wide scale. As businesses become ever more mobile and increasingly connected, this policy vacuum and patchiness of understanding is only going to become increasingly apparent and ever more dangerous. In a world where data security is becoming an increasingly important part of strategic business continuity, the value of a planned, proactive and pragmatic approach to security in ensuring devices, data and staff are protected cannot be underestimated. 2012 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice. 8 Executive Summary The cause and effect of consumerization in the workplace

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information