Apple iOS, BlackBerry, Android Boast Best Security for BYOD: Trend Micro

Virtually all companies surveyed apply an IT security policy to employee-owned devices that access the company network.

BARCELONA, Spain €” Trend Micro Inc., a specialist in cloud-based security software and services, released research revealing fundamental differences in attitudes between senior business roles and senior IT roles in Europe and the United States. When asked to rank operating systems for their security and manageability, Apple€™s iOS fared best, followed by BlackBerry in second place, with third-ranked Android close behind. Symbian came in fourth, with Windows in last place.  

The "IT Executives and CEO Survey Final Report" found slightly more than three-quarters (78 percent) of companies surveyed said they allow employees to use their personal devices, such as laptops, netbooks, smartphones and tablets for work-related activities, and nearly 50 percent of the companies polled reported a data or security breach. A large percentage of the companies surveyed apply an IT security policy to employee-owned devices that access the company network (89.1 percent), and also require that devices either be on a pre-approved list and/or pre-approved with security software installed (53.7 percent). They also plan to segregate corporate applications and/or data when personal devices are used for work purposes (72.5 percent).

Additionally, more than 80 percent require employees to install security software on personal devices. Nearly 80 percent of companies have implemented virtual desktop infrastructure (VDI) in client-hosted or remote-synchronization mode. Just 15 percent had not yet deployed VDI. The survey found 100 percent of the data breaches reported were as a result of an employee-owned device accessing their corporate network.

Cesare Garlati, senior director of mobile security at Trend Micro, who is leading the Mobile Security Forum at Mobile World Congress, where the report was released, said consumerization has irreversibly linked the mobile and Internet security industries. €œMany CEOs are using unsecured mobile devices on a daily basis to access sensitive data on corporate networks,€ he noted. €œTrend Micro€™s new research shows that 75 percent of CEOs are using smartphones and other personal devices to connect to their company€™s network.€

A recent Dell Kace survey found 87 percent of executives say their employees are using personal devices for work-related purposes, with tasks ranging from email to calendaring, to ERP and CRM functions.

Embracing Consumerization

Trend Micro's Garlati said as company leaders, CEOs need to take a stand on using personal devices in the workplace, but senior IT personnel need to have a plan, too, and one that embraces consumerization, rather than regarding it as an unattainable "leap of faith."

Garlati led a panel discussion at the convention, in which he asserted that consumerization is happening and can€™t be stopped. He added that consumerization is good for business, making it more convenient for employees to access data in ways that suit them, and that using the devices they prefer has an obvious upside for productivity and employee engagement.

€œLet€™s be clear,€ Garlati said. €œCompanies don€™t choose consumerization. It happens to them, whether they know it, or like it.€

Consumerization risks include security, costs and reputation. He asked attendees to consider an employee or CEO who leaves an unlocked personal iPad in a restaurant, containing employee salary data and bank account details, or potentially much more. Garlati said the real issue with consumerization is the lack of education, best practices and actionable advice. €œThis is what scares many businesses into labeling consumerization a €˜leap of faith,€™€ he said.

Garlati also used the forum to provide actionable advice to business around four key behaviors. These included the embrace of consumerization to unlock its business potential, taking a strategic approach and developing a robust consumerization plan, having flexible policies that say "yes," but not to everything and not for everyone, and putting the right technical infrastructure in place, including data protection, mobile device management and mobile security.