Apparently the folks in charge of mobile security at large organizations these days don’t trust anyone. Or anything. And I’m betting that’s not such a bad approach.
We ran a webcast recently about mobile data security and asked a few questions about the state of mobile security that ended up being pretty telling.
We asked how far along organizations are in providing mobile access to their corporate applications for employees. There were two sets of outliers: 4.6% didn’t allow mobile access at all. About the same number called themselves “mobile ninjas” – claiming everyone in their org was happy. But these extremes were definitely the exception.
Mobile application access for enterprises: “taking it slow”
The biggest percentage allowed mobile access, but from corporate-owned devices only (43.7%). Interestingly, almost a third (31.2%) had made it a step farther: they had secured an app or two for BYOD. This was done tactically, however, and the attendees who had done this said they were “taking it slow.”
Another 9.3% had “opened Pandora’s BYOD box” but were not sure what to do next. The remaining 6.2% felt they had secured their app portfolio for BYOD, but “users are not pleased.” Uh oh. Hide the pitchforks.
The majority of the results here describe companies in some of the very early stages in their journey toward mobile access and enabling BYOD. They’re starting some of the messy internal conversations that frankly need sorting out pretty quickly.
So, why is there such restricted progress on mobile access to enterprise applications? First off, enabling tablets in an enterprise environment has a lot of hurdles (here’s a post I did on a few of those mobile-specific hurdles). But secondly, we were asking security folks how far they had progressed in giving what feels like unfettered enterprise access to untrusted devices. Progress is going to cautious and guarded no matter how good these folks are feeling.
In fact, we also asked them which things on the list below they (officially) trusted. The numbers were as expected – but still made me chuckle.
Miniscule numbers of respondents felt things like Dropbox, SugarSync storage, and Google Mail were to be trusted with enterprise data. Users, according to our attendees, were also suspect: only 3.9% thought users should be trusted to “do the right thing.” Even worse, exactly zero attendees thought native browsers on mobile devices were trustworthy.
On the other hand, 45% of respondents felt safe with encrypted software vaults or containers with remote wipe options.
And 45% said they trusted, well, “nothing.”
Sounds severe, but for several of us who worked on the webcast from Framehawk, the results made sense given what we’ve been hearing from customers.
In fact, when we asked attendees to identify IT’s biggest hurdle to get a mobile experience for an organization’s entire application portfolio, data security was the overwhelming favorite (45.9% of respondents picked this option). Cost (24.5%) and intuitive native user interface and gestures (18%) were also significant, but definitely second-tier worries. Time-to-market and the application’s click-response performance were both in single digits.
No question, then: mobile access to enterprise applications is something that enterprise IT and their security watchdogs take very seriously, regardless of how interesting those mobile devices are for users. Trust us.
For a summary of our recent webcast, download our new white paper called “How to Avoid Data Leakage from Mobile Enterprise Applications: Use the Cloud.”
This blog was originally posted on Framehawk.com.