Eight out of 10 CIOs think that using smartphones in the workplace
increases the business's vulnerability to attack, and rank data
breaches as their top related security concern. Yet half of
organizations fail to authenticate their employees' mobile devices,
among other basic security measures.
Those finding come from a report released Wednesday conducted by
market researcher Ovum together with the European Association for
e-Identity and Security (EEMA).
The study found that the so-called consumerization of enterprise IT,
meaning employees who bring ostensibly consumer devices to work,
continues at full pace. According to the report, 48% of employees are
allowed to use mobile devices that they own to connect to corporate
systems. Meanwhile, 70% of employees can currently use corporate-owned
computing devices for personal activities.
"Employees will want to use their devices, no matter who owns them,
for both their work and personal lives," said Graham Titterington, a
principal analyst at Ovum, in a statement. "It is unrealistic to
delineate between these uses for employees who are mobile and working
out of the office for a large part of their time."
Interestingly, 90% of organizations provide -- or will soon offer --
mobile devices to their employees. A majority said those devices would
be BlackBerry smartphones, which mirrors the continuing market
dominance of the BlackBerry platform -- with a 37% market share, ahead
of Apple (24%) and Android (21%).
But mobile device security controls remain a weak point, with only
half of organizations authenticating their mobile device users. Among
those, about two-thirds rely on usernames and passwords, while 18% use
public key infrastructure (PKI) certificates, and only 9% employ
two-factor authentication with one-time passwords. Furthermore, only
about 25% of organizations ensure that employees' mobile devices are
running antivirus and anti-malware software.
"As this new study bears out, putting a smartphone security strategy
in place is now a business imperative," said Roger Dean, director at
EEMA, in a statement. "But how many organizations have the in-house
expertise required to develop and implement a mobile strategy that
fits seamlessly with their overall security profile?"
According to Titterington, "organizations must establish a holistic
security strategy that addresses the consumerization of this
fast-growing channel into corporate networks and data."
No comments:
Post a Comment