Mobile
5/14/2013
03:59 PM
Don Bailey
Don Bailey
Products and Releases
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Security Biggest Success Measure For BYOD, New Report Finds

Lumension Security report examines how companies are responding to the security threats presented by the influx of mobile devices on the company networ

A recent survey conducted by Holger Schulze's Information Security Community group on LinkedIn finds that security is both the top concern and top measure for success for enterprises implementing BYOD programs. The BYOD and Mobility Security Report, sponsored by Lumension®, a global leader in endpoint management and security, examined the benefits of BYOD, drivers for implementing a BYOD program and how companies are responding to the security threats presented by the influx of mobile devices entering corporate networks.

BYOD is of interest to many enterprises, with close to 20% widely supporting privately-owned devices, an additional 35% saying BYOD is under evaluation, and some 40% of respondents still supporting company-owned mobile devices. These programs provide many benefits to employees and enterprises alike, including improved employee satisfaction, productivity and mobility, each cited by over 50% of respondents as a primary driver and benefit of BYOD.

However, security is also a very big concern and was cited by 70% of respondents as the top criteria for success, even over employee productivity, cited by 54%. Respondents fear a loss of company or client data, unauthorized access and malware infections, and many say they lack the resources necessary to address these security concerns. In fact, almost a third of organizations say that they do not have even a basic BYOD policy in place to help mitigate some of the risk.

"What is concerning to me is the lack of security that is actively implemented, according to survey respondents," said Paul Zimski, vice president of solution marketing at Lumension. "Over a third of organizations have no security at all and most are relying on just encryption. Encryption is great if the device is lost or stolen, but it does little good against something like a phishing attack. In the end, a mobile device is an endpoint, subject to the same attacks we protect against on so-called traditional endpoints. Encryption simply is not enough."

Mandatory use of encryption was cited as a risk control measure for mobile devices by 40% of respondents. Encryption is considered best equipped to deal with lost or stole devices, which was the third ranked security concern, after lost data and unauthorized access. When asked if they felt ready for a full enterprise BYOD adoption, only 6% responded that their organization was 100% ready, while the majority of respondents claimed to feel less than 50% ready for BYOD.

The BYOD and Mobility Security Report surveyed 1,650 information security professionals around the world through Holger Schulze's Information Security Community group on LinkedIn. The majority of respondents were information security specialists in organizations of 10 - 99 employees. A full breakdown of the survey results is available online here. You can read Paul Zimski's blog post discussing the survey here.

Supporting Resources:

· Survey Results

· Optimal Security Blog

· Lumension on Twitter

About Lumension Security, Inc.

Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Texas, Utah, Florida, Ireland, Luxembourg, the United Kingdom, Australia and Singapore. Lumension: IT Secured. Success Optimized.&trade More information can be found at www.lumension.com. Don A. Bailey is a pioneer in security for mobile technology, the Internet of Things, and embedded systems. He has a long history of ground-breaking research, protecting mobile users from worldwide tracking systems, securing automobiles from remote attack, and mitigating ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.