Who Puts Mobile Biz at Risk? It's You & Me
Security concerns may be changing attitudes toward so-called BYOD -- bring your own device -- strategies, according to Verizon's new global survey of business professionals who procure and manage mobile devices, released Wednesday.
Read more about the general findings of the first-ever Verizon Communications Inc. (NYSE: VZ) Business Mobile Security Index in this story on our sister site, Security Now. You can also view more at Verizon's news center.
As far as BYOD is concerned, the survey shows 39% of the 600 respondents said employee-owned devices were their number one concern, and 76% ranked them in the top three concerns.
In fact, the survey listed employee-owned devices at the top of the list of things respondents feared might be exploited, even ahead of Internet of Things devices -- which are notoriously unsecured -- as well as custom applications and servers. Of course, it isn't the devices that mobile business execs fear, it's the people operating them.
Survey respondents view employees as the greatest risk (see chart above) to securing mobile devices, according to the Verizon Mobile Security Index. More than half -- 58% -- of those surveyed are concerned that employees will do "something bad for financial or personal gain," and that's in addition to the dumb things people do all the time, such as losing smartphones, having weak passwords or credentials or downloading unapproved applications.
That doesn't mean an end to BYOD, however. Only 61% of organizations surveyed own and control all mobile devices used in their business.
"We continue to see BYOD prevalent in the business case," says Justin Blair, executive director of mobile business products for Verizon's Wireless Business Group. "In the enterprise space, we saw a swing toward BYOD because I think a lot of IT companies were looking at ways to stop managing a fleet of devices. But I think they have realized that having them be corporate liable is actually one way to maintain effective security practices."
That "corporate-liable" step involves having an enterprise device enrollment program that lets the company specifically track and control the devices it purchases and gives to employees, using mobile device management and threat detection to ensure authentication of each device and having policies that control how they can be used by specific employees, he explains.
For some industry verticals, Blair notes, mobile devices will absolutely be corporate-owned and controlled -- retailers, for example, that use tablets in-store for transactions and more will prevent them from being used casually in any way by employees. But other companies may make the choice based on how the device is going to be used, or even on an employee-by-employee basis.
Owning -- and controlling -- the smartphones and tablets put to business use is one way to combat those human failings.
The new index, the latest in the Verizon security arsenal, can be viewed here.
— Carol Wilson, Editor-at-Large, Light Reading