
Employee Resistance a Barrier to Effective Mobile Security Strategy: Report

When CSOs are asked about their top IT security concerns, mobile devices and apps almost always make the top three issues. However, a recent survey suggests security budgets don't reflect the reality of protecting these devices.

A recent Ponemon Institute survey of 618 IT and IT security professionals sponsored by Raytheon estimated that on average, 40 percent of employees accessed business applications from personally-owned mobile devices. Despite the fact that mobile devices are ubiquitous in the workplace, 64 percent of survey respondents said they don't have sufficient funding to protect their networks and data from mobile threats such as malware infections and user negligence.

The report estimated that spending $278 per device would be considered adequate, although actual spending varied wildly by the size of the organization. Organizations with more than 75,000 employees spent an average of $98 per device on security, compared to organizations with fewer than 250 employees, which spent $633 per device, the survey found. Some of the discrepancy may be due to the economies of scale that come with managing more devices. The typical organization in the study managed an average of almost 20,000 mobile devices, and this number is expected to increase to an average of 28,000 mobile devices over the next year.

About 48 percent of the responders said the biggest driver for bring-your-own-device initiatives was to ensure employees were always connected. The problem with getting everyone connected is that security appears to be taking a backseat to convenience. More than half, or 56 percent, of respondents said employee resistance was the biggest barrier to an effective mobile security strategy.

Based on that finding alone, it should be no surprise that 52 percent of the survey respondents said they had to scale back on the security protections used on mobile devices in order to boost employee productivity. Not surprising, but still disheartening.

"This survey points to the fact that there is a struggle to find the right balance between the cyber security needs of an organization and the efficiencies demanded by employees to do their jobs," Ashok Sankar, senior director of product management and strategy at Raytheon Cyber Products, said in a statement.

It doesn't help that nearly 60 percent of the respondents said employees are less diligent about being secure on their devices.

Mobile device management and secure containers are the two most popular methods of mobile device protection, but they are not sufficient to combat existing threats, according to the survey. In fact, 75 percent of IT security professionals said it was important to secure mobile devices, but only half of the respondents said they were satisfied with the mechanisms currently in place.

More than half, or 57 percent, of the respondents said they prefer a virtualized approach, which would prevent data from being stored on the device in the first place. A little more than two-thirds of respondents, or 67 percent, also said they prefer to deliver mobile services via the Web rather than native apps.

"Mobile devices are becoming a dominant workplace tool, and organizations must adopt a mobile strategy with data security technologies that enable employees to work effectively without putting sensitive information at risk," Sankar said.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.