For many people, mobile devices are indispensable tools for both work and personal tasks. Being able to access relevant apps and data in a moment of need can be a huge productivity driver, and employees are increasingly demanding this access from their companies. Despite this, companies have been hesitant to roll out more mobile services and support bring-your-own-device (BYOD) programs — or allow these devices to access corporate systems or data — because of concerns around application and data security.
Many enterprises have invested in mobile security tools, but those have largely been mobile device management (MDM) investments, which don't address mobile application, data and network security. This has created paralysis for many firms that want to allow more access but are unable to because of limited existing security investments and the lack of a formal BYOD program with guidance to support those devices.
Samsung commissioned Forrester Consulting to evaluate mobile security and BYOD trends and determine what firms are doing to evolve their mobile strategies. In conducting in-depth surveys with 100 IT decision-makers involved in mobile security and management at companies with mobile workforces, Forrester found that substantial barriers exist today to support BYOD devices and maintain app and data security. However, firms are increasing their mobile security budgets to expand their current security implementations beyond MDM into app, data, and network security.
Forrester's study yielded three key findings:
› Most BYOD devices today are getting limited or no support and limited access to corporate systems and data. Most companies don't fully support BYOD devices, but that hasn't stopped employees from using them for work. Without tools to maintain secure app and data usage on BYOD devices, firms will struggle with increased risk of data leaks and device compromises.
› Mobile security budgets are increasing. The majority of firms with mobile workforces are increasing their mobile security budgets. Over 64% of respondents expect their mobile security budget to increase in the next 12 months. The security budget expansion matches the need to move beyond the basic core components of mobile device management and solve the extended mobile security problem at the application, network, and device level.
› Mobile security is more than mobile device management. Approximately half of enterprises have already adopted MDM technologies. Since adoption, they have learned that MDM is not the only layer of security needed to address their mobile management needs. Operating system manufacturers and third-party security solutions such as containerization and secure network gateway technologies will become important security deployment opportunities in the enterprise.
In an enterprise mobile environment, it is very clear that location, device ownership, platform, usage, and access are not separate problems for IT; they must be addressed together. Employees can be much more productive with additional mobile tools beyond email; therefore, mobile device management must be only a piece of the larger mobile security tool set. Smartphones and tablets only scratch the surface of the devices employees will use for work in the future, but all of these devices will require access to corporate applications and data. Forrester's surveys with IT executives looking to plan for this future yielded several important observations:
› BYOD is here to stay — plan for it. Work is not a single place for many people; it's a thing they do in many different locations and scenarios. Having the flexibility and choice on how and where to work is extremely important for productive employees. In some cases, that means being able to use their own devices. BYOD isn't something your company should actively fight. It might not be appropriate for all companies in all scenarios, but all companies will have some situations in which personal devices are used. This means IT must balance many different scenarios where work and personal data exist on the same device. Therefore, having tools that can maintain the separation of work and personal data, regardless of ownership, is critical.
› Prioritize app security to accelerate app deployment. While email is a great work tool, it's not the only work tool. If we look at the tools available on an employee's laptop versus a mobile device, the difference is glaring. In order for mobile devices to become primary computing devices for more employees, companies need to prioritize mobile application access. This means adopting tools that offer application security functionality like mobile VPN, single sign-on, and containerization options. These tools will help extend application access on company-owned, employee-owned, and even partner or contractor devices.
› Secure data in transit and at rest. Application security can help with securing data at rest, but employees working from coffee shops, hotels, or anywhere outside of the corporate network still introduce risk. Securing data as it travels through the mobile ecosystem is a point of concern for many companies. To overcome this, you need a mobile security tool that can bring together network gateway technologies, encryption, device management, and app management technologies, along with data classification and tracking.
Mobile Security: Move Beyond The Basics And Overcome Mobile Paralysis, a December 2014 commissioned study conducted by Forrester Consulting on behalf of Samsung. In this study, Forrester conducted an online survey of 100 organizations with mobile workforces in the US to evaluate mobile security and BYOD trends. Survey participants included IT decision-makers involved in security, mobile security, and mobile management at organizations whose workforce uses mobile devices like smartphones and tablets. The study began in September 2014 and was completed in October 2014.