Connect with us

Hi, what are you looking for?


Management & Strategy

Employees, IT Disagree Over Level of Mobile Security Controls

Employees are becoming more aware of the risks of using personal devices to access corporate resources and are somewhat willing to grant IT some control over their personal devices, according to a recent mobility survey from Blue Coat Systems.

Employees are becoming more aware of the risks of using personal devices to access corporate resources and are somewhat willing to grant IT some control over their personal devices, according to a recent mobility survey from Blue Coat Systems.

Employees increasingly expect to have access to corporate assets and applications from their personal smartphones and mobile devices, Blue Coat said. A surprising number of employees were willing to grant IT some control over their personal devices, with 55 percent willing to have malware protection software installed and 58 percent were willing to meet passcode requirements placed on their devices, Blue Coat found in its mobility survey, released Tuesday.

Click To View LargerMany organizations have shifted to accommodate the users and the bring-your-own-device trend (BYOD), defining mobile device management policies and setting minimum security requirements, Timothy Chiu, director of product marketing at Blue Coat, told SecurityWeek. While 64 percent of businesses said they would block personal devices from accessing any corporate applications if the employee didn’t comply with policies, there seems to be a growing acceptance that IT needs to have some control over the devices joining the corporate network, Blue Coat found.

Some of the findings were “not quite what we expected,” Chiu said. While the general trend was expected, Blue Coat was surprised by the numbers, he said.

In the survey of 350 respondents from large organizations in the United States, Canada, and other countries around the world, respondents were generally favorable to the idea of IT setting basic requirements such as anti-malware protection and passcodes to lock the screen. As the proposed IT controls became more stringent and intrusive, respondents were less receptive, Chiu said.

Only 24 percent of the respondents were willing to allow the network to log their attempts to access applications from the mobile device, and 19 percent were willing to have their Web activity from the mobile device logged, Blue Coat found. A mere 12 percent said IT could apply policies and restrict which types of sites and content they could reach over their mobile devices when using the corporate network, according to the survey.

Despite the positive trend for malware protection and passcodes, the numbers for these controls were “a little low. We wanted it higher,” Chiu said.

The reluctance among users for more IT control poses a significant problem for IT as it can interfere with its own compliance requirements and make it harder to secure the network, Chiu said. For many organizations, logging when users access corporate resources, and noting where and what device was being used, is a compliance requirement. Restricting access to certain sites and logging Web content helps IT protect endpoints from infection and quickly detect if a botnet was operating within the network, Chiu said.

Advertisement. Scroll to continue reading.

It’s possible that employees don’t realize they are already being tracked on other devices, so the request to log mobile device access feels like a new request, Chiu said. It is an “automatic reaction to think, ‘No, I don’t want to be logged,’ since people are sensitive to privacy issues,” he said. As people begin to realize what IT is already doing, they may become more comfortable with the controls being extended to mobile.

There also appears to be a significant perception gap between IT professionals and individual lines of business, the survey found. Approximately 42 percent of the respondents in the survey who had IT-related job titles, believed the risk of malware spreading from mobile devices to the corporate network was high, or very high. In contrast, 88 percent of non-IT respondents believed their mobile devices were somewhat or very secure from malware, Blue Coat said.

The gap extends to how much control each group is necessary. IT respondents in the survey wanted more control, as 41 percent said they expected being able to log access to corporate applications over personal devices. About 37 percent of IT respondents said they expected being able to enforcing restrictions on types of sites end-users could access. Even though the non-IT respondents were not willing to let IT do more, it appears that users are becoming aware of mobile risks, which may explain their willingness to give IT some level of control, Chiu said.

A total of 350 respondents participated in the survey. Respondents all worked in organizations of at least 2,000 employees in the United States, 500 employees in Canada, or 250 employees in other countries. IT professionals in the survey worked at organizations that officially allowed smartphones and tablet devices to access the corporate network, and non-IT personnel used mobile devices to access the network.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.