Independent research reveals almost a third (32 per cent) of UK businesses have no formal or enforceable policy or process in place to manage the use of mobile devices in the work place. Independent specialist technology market research company, Vanson Bourne, conducted the survey on behalf of Absolute Software, a provider of firmware-embedded endpoint security and management solutions.
The research surveyed 1,200 IT decision makers from a variety of vertical sectors across the UK, France, Germany and the United States. The research investigates trends in mobile device management, security and device preferences in the workplace.
“IT has been staring down the barrel of mobility, and all the security issues it entails for the last couple of years. It’s seriously worrying to find so many companies taking no action to properly secure and manage their mobile devices. Given the significant financial and commercial risks surrounding data loss it’s surprising to see that companies are still not prioritising security,” said John Livingston, Chairman and CEO at Absolute Software.
“As different devices make their way into the enterprise and employees expect greater access to business applications and data from the field, IT is facing an increasingly difficult challenge to manage and support a deployment across a multitude of operating systems and form factors.”
BYOD vs IT
When it came to provisioning mobile devices, seven per cent of UK companies rely on employees bringing their own device (BYOD) which creates an extremely diverse environment that IT is expected to manage and secure. In the US that figure rose to almost one in five companies (18 per cent) using BYOD alone. Both French (15 per cent) and German (16 per cent) companies more frequently allowed employees to use personal devices than UK organisations.
In the UK the majority (38 per cent) offered a hybrid model, allowing employees to use their own devices as well as providing employees with company-owned devices of their choosing. In the US the majority (42 per cent) of companies surveyed also deployed this tactic. Both France and Germany favoured corporate-owned, personally enabled (COPE) strategies for mobile devices, allowing employees to choose a mobile device that would be bought, owned and managed by the company but used personally as well as for work.
The UK, France and Germany were the most restrictive when it came to mobile device management with almost three in 10 companies reporting that they would neither allow choice nor use of personal devices and that IT dictated what device and platform employees could use. In the US this figure dropped to only 15 per cent of companies taking this dictatorial approach, led by IT.
Securing corporate data
Securing corporate data on mobile devices was a key concern for many companies. The most common method of securing corporate data on a smartphone or tablet is for employees to agreethat IT may perform a remote lock and wipe if the device is lost or stolen – this accounts for two thirds (68 per cent) of UK companies. However, almost a fifth of UK companies reported that they did nothing to secure any data on mobile devices. Conversely, the US was the most secure with only eight per cent reporting that they took no action to secure data on mobile devices.
When it comes to restricting access, 41 per cent of UK businesses use a global network access control (NAC) solution or gateway and 31 per cent allow access via a mobile device management (MDM) tool, ensuring the integrity of the device where NAC provisions access based on a risk profile of the device and its user. Almost a third (30 per cent) of companies allow all devices access with a password and almost one in 10 UK companies don’t restrict access at all.
“The rapid pace of the consumer technology market has left the enterprise in the dust when it comes to providing its employees with cutting edge devices. For many work has become the place where they are forced to use devices older and slower than their own, something that many employees seek to circumvent by simply accessing work-related data through their own unmanaged, often in-secure devices. This inevitably leads to security issues as data spreads across rogue devices,” commented Livingston.
“Whilst many enterprises are looking to satisfy workers by letting them chose devices, or bring their own, a large number are struggling to marry security with increased freedom and mobility that employees are demanding. Despite mobility and BYOD being buzzwords of the last year or so, there appears to be no agreed approach on how to manage this trend, in some cases businesses are even choosing to ignore the issue when faced with this dilemma.
“Despite the rapid maturity of mobility trends, the approach to managing and securing mobile devices in the workplace is startlingly immature. This immaturity is a real danger zone for businesses, particularly as EU legislators look at re-writing the rule books when it comes to data regulation,” he concluded.