Common wisdom is that there's no turning the clock back on BYOD and mobility culture in the enterprise today. But just how instrumental are mobile technologies to employee work habits, and how well have IT departments started to manage the associated risks? A survey out today shows the productivity increase due to mobility to be dramatic. But in spite of bottom-line benefits, organizations aren't reinvesting some of that money into the necessary security measures to reduce risk.
Conducted by the Ponemon Institute on behalf of Raytheon, the survey (registration required) showed that, for a significant chunk of the workforce, mobile technologies are no longer just a beneficial supplemental computing technology but actually the primary means of getting business done. According to respondents, one-third of employees exclusively use mobile devices to do their work, and that is expected to rise to nearly half of employees over the next year. Meanwhile, 61% of respondents report that mobile devices have increased employee productivity at their organizations.
However, most businesses are seeing these productivity gains offset by a growing mobile risk profile. Approximately 52% of respondents reported that security practices on mobile devices have been sacrificed in order to improve employee productivity. The survey showed that 30% of organizations still have absolutely no security features in place to support mobility, and 74% of respondents say their security is inadequate to mitigate mobile threats.
"Most enterprises are finding workforce productivity high with BYOD, and they can see significant tangible benefits by having workers connected with their device," says Ashok Sankar, senior director of product management and strategy at Raytheon Cyber Products. "But security is being compromised in favor of productivity."
As the business benefits continue to rise, so does the proliferation of devices. The study found that the typical organization manages an average of 20,000 devices, with that number expected to rise to 28,000 in 12 months. In fact 18% of organizations report that, within a year, they may need to manage more than 75,000 devices. This can only serve to put more pressure on security organizations; respondents reported it takes an average of $278 to manage devices securely.
Organizations identified malware infection and end-user negligence as two of the biggest mobile risks. Of particular concern was the fact that employee behavior has grown increasingly lackadaisical about security as mobile flexibility increases. Approximately 60% of respondents believe mobile devices have diminished employees' security habits.
In addition to improving security technology investments around mobility, organizations may need to put more onus on employees to improve their behavior.
"There's always been a one-sided conversation between IT and employees, with IT providing laptops or desktops and a specific image of the device and that was it," Sankar says. "The newer paradigm has to be a two-way conversation. People want to use what they want, which is fine. But maybe there's a responsibility factor associated with the mobile user than they had originally. So with flexibility comes responsibility."