CIOs are struggling with mobile data security as more employees bring their devices into the workplace. But users don't seem to be thinking about it at all.
With more workers bringing their favorite smartphones to the
office, CIOs are concerned about mobile data security and how employee devices
are managed, according to a recent research study.
CIOs from large organizations in the United States and the
United Kingdom were surveyed about their mobile security
concerns in a mobile
security report from Mformation Technologies. Released on Mar. 8, the report
highlights the challenges facing CIOs trying to figure out which mobile devices
are connecting to the network and what information they have access to, the
About 76 percent of surveyed CIOs said employee-owned mobile
devices are causing security headaches, and 78 percent didn't know what mobile
devices were connecting to the corporate network, the Mformation study found.
Even more worrying, 77 percent of enterprises have no idea what data is on
those employee devices that are connecting to the network, according to the
may well be a business imperative, but
it remains a massive risk," said Todd DeLaughter, CEO of Mformation.
IT departments aren't struggling with just employee-owned
mobile devices, as only one out of three surveyed CIOs said they could track
data on company-issued devices, the survey found. Only 23 percent knew what
corporate data was on all mobile devices, regardless of who owned the device,
in real-time, according to the survey.
In the event that the device is lost or stolen, only 56
percent of CIOs said they would be able to secure the data on the missing
device, such as remotely wiping corporate data, according to the report.
"IT is literally flying blind," said DeLaughter.
Enterprise IT organizations need to integrate mobile device management
capabilities into existing IT service delivery frameworks as well as new ones,
such as cloud computing, he said.
Limited resources and a rapidly changing platform are the main
reasons why CIOs have difficulty managing the mobile devices, said 77 percent
of the respondents. CIOs are also forced to deal with a wide variety of devices
and platforms, instead of being able to standardize on a single device across
the enterprise, said DeLaughter.
About 67 percent of the respondents said WikiLeaks has made
them more worried about protecting and managing corporate data on mobile
devices, according to the study. The country breakdown to this question was
interesting as 72 percent of the US CIOs felt this way compared to 57 percent
of the UK CIOs. It is clear from the question that WikiLeaks
was a much more
worrisome incident for American companies.
The survey polled 200 CIOs in the United States and 100 CIOs
from the United Kingdom. About half of the organizations had between 1,000 to
3,000 people, and the remaining half had over 3,000 employees, according to the
report. The organizations were equally distributed across manufacturing,
financial services, retail sector and "other" commercial sectors.
As CIOs try to figure out how to protect corporate data on
mobile devices, a separate European survey by Kaspersky Labs found smartphone
users were "only dimly aware" of mobile threats. Of the 1,600 smartphone owners
in Italy, Spain, France and the UK surveyed, only 27 percent of surveyed
smartphone owners were "highly concerned."
The rest were either unconcerned or unaware there were any
dangers, even though about a third of the respondents had at least one
application on their mobile device that stored sensitive data such as bank PIN
numbers, passwords and usernames, according to Kaspersky. Only half knew that
anti-virus software was available for mobile devices and "barely" one in ten
was using it. Unfortunately, Kaspersky did not break down risk perception by
mobile platform so it was unclear whether users of one mobile operating system
were savvier than others.