Businesses Lack Enforceable Policy, Control Over Mobile Workers

According to an Imation/SANS survey, 32 percent of organizations expect at least 60 percent of their workforce to be mobile in the next 12 months.

mobile security and imation

At more than 64 percent of businesses, a majority of mobile workforces can access their organizations' secure data remotely, yet less than 25 percent of businesses have sufficient policies and controls in place for mobile media, such as USB drives, according to a survey of 330 IT and security professionals.

The survey, conducted by SANS and sponsored by information security company Imation, found another 25 percent admitted to having no controls—such as policy or technical controls enforced by centralized management—in place.

Malware introduced through unmanaged devices is a top data exposure risk (13.6 percent), the survey found.

Loss or theft of corporate devices was also a major concern for 12.6 percent of respondents—only 13 percent of firms with more than 10,000 employees and 7 percent with 500 to 10,000 employees said they encrypt data on their USB devices.

According to the survey, 32 percent of organizations expect at least 60 percent of their workforce to be mobile in the next 12 months.

"Mobile devices and BYOD [bring-your-own-device] policies serve the needs of a fast-evolving, mobile workforce by giving employees the flexibility to be productive anytime, anywhere," Ken Jones, vice president of engineering and product management at Imation, told eWEEK. "Yet this array of devices, including the use of personal laptops, tablets and USB drives, creates a huge burden on IT resources to support and proactively prevent security gaps, data breaches, malware attacks, and lost or stolen devices used by employees that can severely compromise the enterprise."

IT needs to do this all while meeting data compliance and legislative protocols often associated with highly regulated industries, Jones noted.

"Enterprises need to ensure devices feature military-grade hardware encryption, built-in password policies, virus and malware protection, and centralized management solutions that support remote wipe or disable capabilities of lost or stolen devices," he said. "It's imperative they control data transport and usage to protect their critical, high-value data. And with the opportunity for personal device usage, they also need to ensure the separation of personal and corporate data."

Currently, 63 percent of mobile workers use computer hard drives, not a managed secure point of access, to access corporate data.

More than half of respondents reported mobile media (USB drives) is unmanaged, and 43 percent do not manage all the desktops used by mobile workers.

Although 84 percent responded that security is high, extremely high or critical for a mobile workforce, nearly one-third of respondents admitted to being unaware if their organization has been breached in the last 12 months.

"As enterprises look to enable mobility and BYOD, computing devices such as laptops and tablets are a large part of their mobile security initiatives," Jones said. "Employees—as well as contractors and temporary workers—use their own personal computers, which often have more computing power and advanced features than corporate systems, saving IT on the cost of hardware. Solutions need to be simple enough for users to use while also delivering the security and manageability to meet enterprise IT security and compliance requirements."