Mobility and Risk, By the Numbers

Everyone is familiar with personal mobile devices finding their way into the workplace over the last few years. But it has been difficult to quantify the security implications associated with these trends. The actual rates of security incidents, top breach concerns, and other security-focused intelligence on mobility adoption have remained largely in the realm of anecdotes and personal observations among IT professionals.

To get a better handle on these trends, IDC designed its 2013 U.S. Mobile Security Survey (see below) to collect solid data on some of the fuzzier notions about enterprise mobility and security surfacing in blogs and at tech industry conferences. The results of the survey pointed towards some interesting trends.

Half say app security is a top concern

The majority of respondents (67 percent) consider themselves BYOD friendly. We also found that organizations have real concerns about the use of social media, file sharing and mobile productivity apps, especially when used on such BYOD devices as personal smartphones and tablets. More than half of organizations cited these types of apps as a top security concern. However, enterprises are keenly aware of the risks of a mobile workforce and are moving quickly to assert some level of control, if not over devices then over apps and data.

Many are backing into BYOD

Many enterprises are “backing into” mobile BYOD security, in spite of acute awareness of risks. By “backing into,” we mean that enterprises are relying on existing enterprise network and endpoint security tools to help secure mobile devices as opposed to deploying mobile-specific products and services. For example, over 50 percent of enterprises said they would rely on security features in WLANs, firewalls, or security gateways to control mobile device activity, but fewer than 40 percent said they would deploy such products as mobile device, application, or endpoint security/management tools.

Breaches drive mobile-specific security solutions

Security breaches are a “wake-up call” for companies to get more mobile-specific in their approach. The data shows that enterprises experiencing data breaches were more likely to use mobile-specific solutions such as managed mobile security and cloud security services. While 35 percent of all enterprises surveyed said they have deployed, or plan to deploy, a mobile security service, this number jumps to 45 percent among organizations that have had a breach.

Half identify their workforce as “highly mobile”

Regarding breaches, the research shows there was a minimal difference in the frequency of breaches between BYOD-oriented or IT-controlled enterprises. The split was 38 percent for BYOD vs. 35 percent for IT-controlled, and 36 percent of all respondents experienced a breach. As it turns out, the only characteristic of an enterprise that affected the frequency of breaches was the use of mobility itself. Almost half of enterprises identifying their workforce as “highly mobile” had a mobile breach, compared to only around 12 percent of “mobile-averse” organizations. So, while avoiding mobile altogether is one way to avoid breaches, it’s certainly no way to run a business or drive employee productivity.

Overall, rates of mobile data breaches, app security concerns, and general approaches to mobile security and device control varied widely, based on the organization’s approach to mobile device control and the nature of the organization’s business and workforce. The following AT&T-sponsored IDC Market Spotlight Assessing the Mobile Security Threat: Current Trends in the Enterprise dives deeper into these issues with some interesting data that can help your organization stay ahead of the ever-changing mobile security curve.


Chris Christiansen is Program Vice President of Security Products and Services for IDC. He has written this guest post for the Networking Exchange Blog.

Chris Christiansen Security Products and Services Program Vice President IDC About Chris