BYOD & MOBILE SECURITY

Sponsored by

2013 survey results

BYOD & MOBILE SECURITY

Information

Welcome to the 2013 BYOD & Mobile Security Report!

Bring Your Own Device (BYOD) is a popular topic this year as

more companies are adopting employee-owned mobile devices

(or deciding against it for security and data control reasons).

The 160,000 member Information Security Community on LinkedIn

conducted the survey “BYOD & Mobile Security 2013” to shed

some light on the drivers for BYOD, how companies will benefit

from BYOD, and how they respond to the security risks associated

with this trend.

The results are in - we received more than 1,600 responses and

found interesting insights into BYOD adoption patterns and mobile

security practices. We hope you will enjoy the report.

Thanks to everyone who participated in the survey!

Group Owner, Information Security Community

[email protected] | +1 302-383-5817

Holger Schulze

INTRODUCTION

The number one benefit of BYOD is greater employee satisfaction and productivity.

A majority of companies are concerned about loss of and unauthorized access to data.

Encryption is the most used risk control measure for mobile devices.

The biggest impact of mobile security threats is the need for additional IT resources to

manage them.

The most popular mobile business applications are email, calendar and contact

management. The most popular mobile platform for BYOD is iOS/Apple.

Top-5 Trends in BYOD & Mobile Security

The top-3 drivers

for BYOD are all

about keeping

employees happy

and productive:

greater employee satisfaction

(55 percent), improved employee

mobility (54 percent) and

increased employee

productivity (51 percent).

Greater employee satisfaction Improved employee mobility Increased employee productivity Reduced device/endpoint hardware costs Reduced operational support costs Other

What are the main drivers and expected benefits of BYOD for your company?

0% 20% 40% 60%

WHAT ARE THE MAIN DRIVERS

and benefits of BYOD for your company?

While a slim majority of

organizations support

company-owned devices,

BYOD is clearly on

everyone’s radar.

Privately-owned devices are in very limited use Privately-owned devices are widely in use, but not supported by the organization Privately-owned devices are widely in use and supported through a BYOD policy BYOD is under evaluation

Which of the following describes your organization’s overall policy towards

privately-owned and company-owned mobile devices for business use?

There are currently no plans to use private devices within the next 12 months We plan to allow private devices within the next 12 months Other

0% 10% 20% 30% 40%

WHICH IS YOUR

organization’s BYOD policy?

BYOD causes

significant security

concerns:

Loss of company or client data

(75 percent), unauthorized access to

company data & systems (65 percent)

and fear of malware infections

(47 percent) top the list.

Loss of company or client data

Malware infections Lost or stolen devices Device management Unauthorized access to company data and systems

What are your main security concerns related to BYOD?

Compliance with industry regulations Support & maintenance Other

0% 20% 40% 60% 80%

None

WHAT ARE YOUR MAIN SECURITY

concerns related to BYOD?

The biggest impact of

mobile security threats

is the need for

additional IT

resources

to manage them (33 percent).

And 28 percent of respondents

report no negative impact from

mobile threats in the past 12

months.

Additional IT resources needed to manage mobile security Corporate data loss or theft Cost of cleaning up malware infections Increased helpdesk time to repair damage

None

What negative impact did mobile threats have on your company

in the past 12 months?

Don’t know Disrupted business activities Reduced employee productivity

0% 5% 10% 15% 20% 25% 30% 35%

The company had to pay regulatory fines Other Increased cost due to devices subscribed to premium pay-for-services

WHAT NEGATIVE IMpACT DID

mobile threats have on your company?

The most popular mobile

platform for BYOD is

iOS/Apple

(72 percent).

Which mobile platforms does your company support?

iOS / Apple Android / Google RIM / Blackberry Windows / Microsoft None All other responses

0% 10% 20% 30% 40% 50% 60% 70% 80%

WHICH MObILE pLATfORMS

does your company support?

Central management of mobile devices and applications

None Employee training Detailed BYOD policies Other

Which company policies and procedures do you

have in place for mobile devices?

0% 10% 20% 30% 40%

WHICH COMpANY pOLICIES DO

you have in place for mobile devices?

Q6

Central management

of mobile devices

and applications

Mandatory use

of encryption

(40 percent) is the most used risk

control measure for mobile devices.

34 percent of organizations say

they have no risk control measures

in place.

Mandatory use of encryption

None Endpoint Integrity Checking Auditing of mobile devices Attack and penetration testing of mobile applications

Which risk control measures are in place for mobile devices?

0% 10% 20% 30% 40%

Other

WHICH RISk CONTROL MEASURES

are in place for mobile devices?

85 percent of organizations

have most of their intellectual

property and sensitive data

stored in the

datacenter/network.

Where is most of your intellectual property and sensitive data stored?

Datacenter / Network Device / Endpoint Cloud Other

0% 20% 40% 60% 80% 100%

WHERE IS MOST Of YOUR INTELLECTUAL

property and sensitive data stored?

77 percent of organizations are

most concerned about protecting

business and

employee data.

What type of intellectual property and sensitive data

are you most concerned about?

Images Text messages Voice conversations

0% 20% 40% 60% 80%

Other

WHAT TYpE Of INTELLECTUAL pROpERTY

& sensitive data are you most concerned about?

Mobile device

management

tools

(MDM)

are most frequently used by

40 percent of organizations to

monitor and govern mobile devices.

22 percent of organizations say

they have no tools to monitor

and govern mobile devices.

Mobile Devices Management (MDM) Tools Endpoint Security Tools Network Access Controls (NAC) Endpoint Malware Protections

Which tools are used to monitor and govern the handling of mobile devices?

None Configuration Controls /Lifecycle Management Other

0% 10% 20% 30% 40%

WHICH TOOLS ARE USED TO MONITOR

and govern the handling of mobile devices?

45 percent of organizations

embed personal mobile

devices via

guest networking

and separate

networks.

How are current mobile devices embedded in your organization’s IT-infrastructure?

0% 10% 20% 30% 40% 50%

Guest networking / separate networks for personal mobile devices

Incident management procedures are employed / amended An application repository exists for mobile devices Other None

HOW ARE CURRENT MObILE DEVICES

embedded in your organization’s IT-infrastructure?

32 percent of organizations

are considering or implementing

on-premise BYOD

solutions.

In order to meet your BYOD objectives and deploy relevant technologies,

have you considered or already implemented one of the following?

0% 5% 10% 15% 20% 25% 30% 35%

On premise solutions

None Cloud (SaaS) solutions Other Hybrid of cloud and on-premise solutions

HOW ARE YOU DEpLOYING

BYOD solutions?

The most important success

criterion of BYOD deployments is

maintaining security

for 70 percent of organizations.

Employee productivity ranks

second with 54 percent.

Security Employee productivity Usability Device management

What are your most important success criteria for BYOD deployments?

Cost reduction Innovation Technology consolidation

0% 20% 40% 60% 80%

Other

WHAT ARE YOUR MOST IMpORTANT

success criteria for BYOD deployments?

Email accounts (49 percent),

access and authentication

(47 percent), and acceptable

usage & employee education

(42 percent) are the

top-3 mobile

device policy topics

for organizations.

Email accounts

Which topics are covered by your company's Mobile Device Policy?

Access and authentication Acceptable usage / employee education Device wiping Stored data Malware protection Configuration Applications Guest networking Location tracking SMS Other We don’t have a mobile device policy

0% 10% 20% 30% 40% 50%

WHICH TOpICS ARE COVERED bY

your company’s Mobile Device Policy?

Logging, monitoring

and reporting

are the most required features

(69 percent) of mobile device

management tools (MDM).

Logging, monitoring and reporting

In your opinion, which capabilities are required for

Mobile Device Management (MDM) tools?

Centralized functionality Malware protection Ease of deployment Configuration controls Endpoint Integrity Checking Role-based access rules Flexible configuration to support different requirements and parameters Harmonization across mobile platform types Integration with other Endpoint Management Systems Other

0% 20% 40% 60% 80%

WHICH CApAbILITIES ARE REQUIRED

for Mobile Device Management (MDM) tools?

60 percent of

organizations

have not yet

adopted BYOD,

but are considering it. Only

10 percent of non-adopters are

ruling it out. 24 percent are

actively working on policies,

procedures and infrastructure

for BYOD.

Not yet adopted, but considering Working on the policies, procedures and infrastructure to enable BYOD Currently evaluating the cost / benefits of BYOD adoption BYOD already fully implemented

Which stage of BYOD adoption has been reached in your company?

Considering BYOD adoption within a year Not yet adopted, and no plans BYOD will not be permitted

0% 10% 20% 30% 40% 50% 60% 70%

Other

WHICH STAGE Of bYOD ADOpTION

has been reached in your company?

A majority of organizations

say they are

less than 50 percent

ready to adopt

BYOD

for their enterprise.

How would you rate your readiness for full enterprise BYOD adoption

(in percent | 100 is completely ready)?

0 10 20 30 40 50 60 70 80 90 100 0% 2% 4% 6% 8% 10% 12% 14% Readiness in % Responses in %

HOW WOULD YOU RATE YOUR READINESS

for full enterprise BYOD adoption?

41 percent of all organizations

create mobile apps

for employees

- 40 percent do not. 18 percent

plan to do so in the future.

Does your organization create / use mobile apps for business

purposes by employees?

0% 10% 20% 30% 40% 50%

Yes No Planned in the future Other

DOES YOUR ORGANIzATION CREATE / USE

mobile apps for business purposes by employees?

43 percent of organizations

create mobile apps

for customers

- 40 percent do not. 17 percent

plan to do so in the future.

Does your organization create / use mobile apps for

business purposes by customers?

0% 10% 20% 30% 40% 50%

Yes No

Planned in the future

Other

DOES YOUR ORGANIzATION CREATE / USE

mobile apps for business purposes by customers?

The most popular mobile

business applications are

email, calendar

and contact

management

(85 percent).

Email/Calendar/Contacts Document access / editing Access to Sharepoint / Intranet Access to company-built applications

What do you think are the most popular business applications

used on BYOD devices?

File sharing Access to SaaS apps such as Salesforce Virtual Desktop

0% 20% 40% 60% 80% 100%

Video conferencing Cloud Backup Other

WHAT ARE THE MOST pOpULAR

business applications used on BYOD devices?

This survey was conducted in April 2013. We collected 1,650 responses from information security

professionals across the world – here is a detailed breakdown of the demographics.

Software & Internet

What industry is your company in?

0% 5% 10% 15% 20%

Computers & Electronics Financial Services Business Services Government Telecommunications Education Manufacturing Healthcare, Pharmaceuticals, & Biotech Energy & Utilities Retail Non-profit Media & Entertainment Transportation & Storage Consumer Services Agriculture & Mining Real Estate & Construction Travel, Recreation & Leisure Wholesale & Distribution Other

Owner/CEO/President Director C-Level (CTO, CIO, CMO, CFO, COO) VP Level Other

What is your career level?

Manager Specialist

What is the size of your company (number of employees)? 32.6% | 10-99 25.3% | Fewer than 10 22.0% | 100-999 11.4% | 1,000-10,000 8.6% | 10,000+ Operations Engineering Product Management Marketing Other

What department do you work in?

We would like to thank our sponsors for supporting the

BYOD & Mobile Security Report.

Lumension |

www.lumension.com

Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets

security software solutions that help businesses protect their vital information and manage critical risk across network

and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security by delivering

a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data

Protection, Antivirus and Reporting and Compliance offerings. Headquartered in Scottsdale, Arizona, Lumension has

operations worldwide. Lumension: IT Secured. Success Optimized.™

Symantec |

www.symantec.com

Symantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our

innovative products and services protect people and information in any environment – from the smallest mobile device,

to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and

interactions gives our customers confidence in a connected world.

KPMG |

www.kpmg.com

KPMG delivers a globally consistent set of multidisciplinary services based on deep industry knowledge. Our industry

focus helps KPMG professionals develop a rich understanding of clients’ businesses and the insight, skills, and resources

required to address industry-specific issues and opportunities..

MailGuard |

www.mailguard.com.au

The MailGuard Group was founded in 2001 to address the growing online security concerns of business. Recognising that

organisations needed a simple and inexpensive way to manage unwanted email and web content, we pioneered a range

of cloud security solutions to provide complete protection against online threats. Today, we’ve built upon our reputation as

Zimbani |

www.zimbani.com.au

Zimbani is an innovative technology consulting firm with a special focus on information security, mobility and cloud.

We help businesses acquire a competitive edge by incorporating the latest technology that can improve their current

performance as well as prepare them for future challenges. Our extensive experience in the industry has helped us

deliver capabilities that can ultimately optimise the service and products offered by our customers. Our aim is to provide

businesses with highly cost effective, trustworthy, productive and innovative solutions that will add value to your business.

With our help our clients have been able to deliver secure, efficient and adaptive services with ease.

About the Information Security Community

Over 160,000+ members make the Information

Security Community on Linkedin is the word’s largest

community of infosec professionals. We are building

a network of infosec professionals that connects

people, opportunities, and ideas. If you are involved in

purchasing, selling, designing, managing, deploying,

using ... or learning about information security solutions

an concepts - this group is for you.

Join the

INFORMATION

SECURITY

COMMUNITY

on LinkedIn

Information

Security

Group Partner

Many thanks to everybody who participated in this survey.

Holger Schulze is a B2B technology marketing

executive delivering demand, brand awareness,

and revenue growth for high-tech companies.

A prolific blogger and online community builder,

Holger manages the B2B Technology Marketing

Community on LinkedIn with over 42,000

members and writes about B2B marketing trends

in his blog Everything Technology Marketing.

Our goal is to inform and educate B2B marketers

about new trends, share marketing ideas and

best practices, and make it easier for you to find

the information you care about to do your jobs

successfully.

Holger Schulze

B2B Marketer

Email

[email protected]

Follow Holger on Twitter

http://twitter.com/holgerschulze

Subscribe to Holger’s

Technology Marketing Blog

http://everythingtechnologymarketing.blogspot.com