The study was independently conducted by the Information Security Community on LinkedIn. This second edition study collected responses from more than 1,100 IT security practitioners to gain a deeper understanding into the practices, usage and security concerns around BYOD.
“Loss of company or client data, followed by unauthorized access to company data and systems are well publicized as security threats around BYOD, and they were respondents’ biggest security concerns in our 2014 study,” said Holger Schulze, founder of the 200,000+ member Information Security Community. “But it is very interesting that the study revealed that respondents’ next biggest security concerns were users bringing downloaded apps or content with embedded security exploits into their organization (47 percent), followed by malware infections (45 percent).”
According to respondents, only 21 percent of their organizations have fully implemented BYOD policies, processes and infrastructure. In addition, 24 percent of respondents’ organizations have no mobile device policy. Along these same lines, 21 percent of respondents said that privately owned devices are widely in use in their organizations, but are not supported within their organizations.
While accessing email, calendar and contacts is the most popular usage for BYOD devices (86 percent), other business apps and data are also being routinely accessed by BYOD devices. Study respondents said document access and editing apps are used 45 percent of the time; Sharepoint and Intranet access happens 41 percent of the time; and apps for file sharing and company-built applications are accessed 34 percent of the time.
When it comes to sensitive data and intellectual property being accessed over BYOD, respondents were most concerned with protecting business data (74 percent), customer/employee data (69 percent), and documents (66 percent).
According to respondents, the most popular tool to monitor and manage mobile devices was mobile device management (MDM), in use at 43 percent of respondents’ organizations, followed by endpoint security tools (39 percent), and Network Access Controls (38 percent). Similarly, the most common risk control measures for mobile devices were password protection (67 percent), followed by remote wiping of data (52 percent), and use of encryption (43 percent).
Significant data in the report is that 21 percent of organizations who acknowledge broad use of privately owned devices, for which no support exists within their organizations. Malware threats are already being carried into the organization on these unmanaged privately owned devices.