Mobile Security a Headache for CIOs, Not a Concern for Users

CIOs are struggling with mobile data security as more employees bring their devices into the workplace. But users don't seem to be thinking about it at all.

With more workers bringing their favorite smartphones to the office, CIOs are concerned about mobile data security and how employee devices are managed, according to a recent research study.

CIOs from large organizations in the United States and the United Kingdom were surveyed about their mobile security concerns in a mobile security report from Mformation Technologies. Released on Mar. 8, the report highlights the challenges facing CIOs trying to figure out which mobile devices are connecting to the network and what information they have access to, the company said.

About 76 percent of surveyed CIOs said employee-owned mobile devices are causing security headaches, and 78 percent didn't know what mobile devices were connecting to the corporate network, the Mformation study found. Even more worrying, 77 percent of enterprises have no idea what data is on those employee devices that are connecting to the network, according to the report.

"Enterprise mobility may well be a business imperative, but it remains a massive risk," said Todd DeLaughter, CEO of Mformation.

IT departments aren't struggling with just employee-owned mobile devices, as only one out of three surveyed CIOs said they could track data on company-issued devices, the survey found. Only 23 percent knew what corporate data was on all mobile devices, regardless of who owned the device, in real-time, according to the survey.

In the event that the device is lost or stolen, only 56 percent of CIOs said they would be able to secure the data on the missing device, such as remotely wiping corporate data, according to the report.

"IT is literally flying blind," said DeLaughter. Enterprise IT organizations need to integrate mobile device management capabilities into existing IT service delivery frameworks as well as new ones, such as cloud computing, he said.

Limited resources and a rapidly changing platform are the main reasons why CIOs have difficulty managing the mobile devices, said 77 percent of the respondents. CIOs are also forced to deal with a wide variety of devices and platforms, instead of being able to standardize on a single device across the enterprise, said DeLaughter.

About 67 percent of the respondents said WikiLeaks has made them more worried about protecting and managing corporate data on mobile devices, according to the study. The country breakdown to this question was interesting as 72 percent of the US CIOs felt this way compared to 57 percent of the UK CIOs. It is clear from the question that WikiLeaks was a much more worrisome incident for American companies.

The survey polled 200 CIOs in the United States and 100 CIOs from the United Kingdom. About half of the organizations had between 1,000 to 3,000 people, and the remaining half had over 3,000 employees, according to the report. The organizations were equally distributed across manufacturing, financial services, retail sector and "other" commercial sectors.

As CIOs try to figure out how to protect corporate data on mobile devices, a separate European survey by Kaspersky Labs found smartphone users were "only dimly aware" of mobile threats. Of the 1,600 smartphone owners in Italy, Spain, France and the UK surveyed, only 27 percent of surveyed smartphone owners were "highly concerned."

The rest were either unconcerned or unaware there were any dangers, even though about a third of the respondents had at least one application on their mobile device that stored sensitive data such as bank PIN numbers, passwords and usernames, according to Kaspersky. Only half knew that anti-virus software was available for mobile devices and "barely" one in ten was using it. Unfortunately, Kaspersky did not break down risk perception by mobile platform so it was unclear whether users of one mobile operating system were savvier than others.