Organizations lack control over mobile workspaces
More than 64 percent of respondents to a SANS survey said a majority of their mobile workforce can access their organizations’ secure data remotely, yet less than 25 percent said sufficient policies/controls are in place for mobile media.
An additional 25 percent admitted to having no controls (no policy or technical controls enforced by centralized management) in place. The unmanaged personal computers, laptops, smartphones and tablets that make up almost one-third of the mobile BYOD used to access corporate data, combined with lack of controls, leave organizations vulnerable to data exposure.
A top data exposure risk was from malware introduced via unmanaged devices (13.6 percent). Loss or theft of corporate devices was also a major concern for 12.6 percent of respondents; only 13 percent of firms with more than 10,000 employees and 7 percent with 500 to 10,000 employees said they encrypt data on their USB devices.
The survey confirms that despite most organizations’ lack of readiness to support a mobile workforce, the number of mobile employees using BYOD is still growing. According to the survey, 32 percent of organizations expect at least 60 percent of their workforce to be mobile in the next 12 months. With the growth of the mobile workforce, it is important for organizations to quickly gain control through the use of managed mobile devices and workspaces.
Currently 63 percent of mobile workers use computer hard drives, not a managed secure point of access, to access corporate data. More than half of respondents reported mobile media (USB drives) are unmanaged, and 43 percent do not manage all the desktops used by mobile workers. The vast number of unmanaged devices accessing corporate data heightens data security risks and makes it impossible for IT to fully protect the organization.
With today’s reality of high-profile hacks, it is unsurprising that 84 percent responded that security is high, extremely high or critical for a mobile workforce. The number and different types of BYOD being brought into the workplace make it difficult to easily, quickly and affordably provision them. Nearly half of the respondents cited configuring/reconfiguring laptops, updating existing devices, and dealing with lost, stolen or broken laptops as their primary challenges when managing mobile devices.
Nearly one-third of respondents admitted to being unaware if their organization has been breached in the last 12 months. With so little insight into their own networks, and with their jobs on the line, it is unsurprising that almost one third of respondents still do not provide access to corporate data through a cloud application or service.