Mobile security breaches are inevitable over the next five years, according to enterprise CIOs who responded to a recent survey sponsored by mobile device management vendor Mformation Technologies Inc.
According to the survey, which piggybacked an earlier study of mobile application use and management needs, more than half of the CIOs polled said technical product data, sales data and customer data are accessible through corporate mobile devices, and almost one-third said corporate financial data is also accessible.
In the U.S., 66% of CIOs said they are very concerned about data loss from mobile devices.
"If a device falls into the wrong hands, the impact on a company's competitive positioning, brand and reputation could be severe," the study said. "Not only that, the loss of data stored in mobile devices breaches key regulatory and compliance requirements."
Despite the fear of a security breach, a mere 12% of CIOs said they have a record of the data that users store on their devices, meaning that if there is a security breach, the remaining 88% will not know how severe that breach is or what specific data has been compromised. In addition, 6% of the companies surveyed reported that a corporate mobile device had been lost or stolen within the past six months.
"The problem of data loss will only be exacerbated as more users access the corporate network, using more powerful devices loaded with more – and more sophisticated – data applications," the study continued.
The survey, which was conducted by independent research firm Coleman Parkes, queried 200 CIOs and telecommunications directors at large enterprises in the U.S. and Europe.
Some key findings of the survey include:
- 63% of CIOs do not actively monitor the types of data that users are storing on devices.
- 68% of companies believe that there is a considerable risk these devices will provide unauthorized access to corporate networks.
- 55% of CIOs fear that over the next five years, mobile devices will increasingly be responsible for lost corporate data.
- 76% of CIOs in the U.S. feel these security issues will have a great impact on the direct and indirect costs of meeting regulation and compliance requirements.
- 86% of U.S. CIOs believe solving the data security problems of mobile devices is one of the most important issues they face in the next few years.
According to Matt Bancroft, Mformation's CMO, CIOs are cognizant of the security risks, but few are doing anything to thwart them, opening up organizations to myriad threats.
The threat landscape when mobile devices are added into the mix has had CIOs scrambling to find solutions, the study found, and CIOs are continually looking for ways to improve security. Roughly 84% of CIOs surveyed said they had improved authentication and security systems for mobile devices and had implemented basic password protection. Half of the CIOs said they were looking for solutions to lock down devices remotely, and 60% are working with network operators to improve security.
The study found, however, that 80% believe there is no quick fix for mobile security and see it as a long-term project.
Another area where CIOs have trouble is determining who inside the organization is responsible for managing security solutions. The survey found that 65% of CIOs said IT should take the lead, while 22% said it is the network operator's responsibility, indicating that a coordinated approach involving both the enterprise and operator is an ideal strategy.
CIOs recognize and understand that a plan for integrated management and security is necessary in the changing mobile environment, according to the study, and they want solutions that involve not only in-house IT but also their key network operators. The survey found that a coordinated solution that has operators offering managed security services while allowing the enterprise to have day-to-day control over mobile assets is likely to be the best method.
The study concluded: "CIOs will need to work closely with mobile device management suppliers and network operators to ensure critical corporate data is always secure, even as more and more enterprise employees use mobile devices."