Welcome to the 2013 BYOD & Mobile Security Report! Bring Your Own Device (BYOD) is a popular topic this year as more companies are adopting employee-owned mobile devices (or deciding against it for security and data control reasons). The 160,000 member Information Security Community on LinkedIn conducted the survey “BYOD & Mobile Security 2013” to shed some light on the drivers for BYOD, how companies will benefit
from BYOD, and how they respond to the security risks associated
with this trend. The results are in - we received more than 1,600 responses and found interesting insights into BYOD adoption patterns and mobile security practices. We hope you will enjoy the report. Thanks to everyone who participated in the survey!
1. Sponsored by
| Symantec | KPMG | Zimbani | MailGuard |
2013 survey results
BYOD & MOBILE SECURITY
Information
Security
Group Partner
2. BYOD & MOBILE SECURITY | Read the 2013 survey results 1
Welcome to the 2013 BYOD & Mobile Security Report!
Bring Your Own Device (BYOD) is a popular topic this year as
more companies are adopting employee-owned mobile devices
(or deciding against it for security and data control reasons).
The 160,000 member Information Security Community on LinkedIn
conducted the survey “BYOD & Mobile Security 2013” to shed
some light on the drivers for BYOD, how companies will benefit
from BYOD, and how they respond to the security risks associated
with this trend.
The results are in - we received more than 1,600 responses and
found interesting insights into BYOD adoption patterns and mobile
security practices. We hope you will enjoy the report.
Thanks to everyone who participated in the survey!
Group Owner, Information Security Community
hhschulze@gmail.com | +1 302-383-5817
Holger Schulze
INTRODUCTION
Share the Report
3. BYOD & MOBILE SECURITY | Read the 2013 survey results
The number one benefit of BYOD is greater employee satisfaction and productivity.
A majority of companies are concerned about loss of and unauthorized access to data.
Encryption is the most used risk control measure for mobile devices.
The biggest impact of mobile security threats is the need for additional IT resources to
manage them.
The most popular mobile business applications are email, calendar and contact
management. The most popular mobile platform for BYOD is iOS/Apple.
2
Top-5 Trends in BYOD & Mobile Security
1
2
3
4
5
SURVEY HIGHLIGHTS
4. BYOD & MOBILE SECURITY | Read the 2013 survey results 3
The top-3 drivers
for BYOD are all
about keeping
employees happy
and productive:
greater employee satisfaction
(55 percent), improved employee
mobility (54 percent) and
increased employee
productivity (51 percent).
Greater employee satisfaction
Improved employee mobility
Increased employee productivity
Reduced device/endpoint
hardware costs
Reduced operational
support costs
Other
What are the main drivers and expected benefits of BYOD for your company?
0% 20% 40% 60%
WHAT ARE THE MAIN DRIVERS
and benefits of BYOD for your company?Q1
5. BYOD & MOBILE SECURITY | Read the 2013 survey results 4
While a slim majority of
organizations support
company-owned devices,
BYOD is clearly on
everyone’s radar.
Company-owned devices
are widely used
Privately-owned devices
are in very limited use
Privately-owned devices are widely in use,
but not supported by the organization
Privately-owned devices are widely in
use and supported through a BYOD policy
BYOD is under evaluation
Which of the following describes your organization’s overall policy towards
privately-owned and company-owned mobile devices for business use?
There are currently no plans to use private
devices within the next 12 months
We plan to allow private devices
within the next 12 months
Other
0% 10% 20% 30% 40%
Which is your
organization’s BYOD policy?Q2
6. BYOD & MOBILE SECURITY | Read the 2013 survey results 5
BYOD causes
significant security
concerns:
Loss of company or client data
(75 percent), unauthorized access to
company data & systems (65 percent)
and fear of malware infections
(47 percent) top the list.
Loss of company or client data
Malware infections
Lost or stolen devices
Device management
Unauthorized access to company
data and systems
What are your main security concerns related to BYOD?
Compliance with industry regulations
Support & maintenance
Other
0% 20% 40% 60% 80%
None
What are your main security
concerns related to BYOD?Q3
7. BYOD & MOBILE SECURITY | Read the 2013 survey results 6
The biggest impact of
mobile security threats
is the need for
additional IT
resources
to manage them (33 percent).
And 28 percent of respondents
report no negative impact from
mobile threats in the past 12
months.
Additional IT resources needed to
manage mobile security
Corporate data loss or theft
Cost of cleaning up malware infections
Increased helpdesk time
to repair damage
None
What negative impact did mobile threats have on your company
in the past 12 months?
Don’t know
Disrupted business activities
Reduced employee productivity
0% 5% 10% 15% 20% 25% 30% 35%
The company had to pay regulatory fines
Other
Increased cost due to devices subscribed
to premium pay-for-services
What negative impact did
mobile threats have on your company?Q4
8. BYOD & MOBILE SECURITY | Read the 2013 survey results 7
The most popular mobile
platform for BYOD is
iOS/Apple
(72 percent).
Which mobile platforms does your company support?
iOS / Apple
Android / Google
RIM / Blackberry
Windows / Microsoft
None
All other responses
0% 10% 20% 30% 40% 50% 60% 70% 80%
Which mobile platforms
does your company support?Q5
9. BYOD & MOBILE SECURITY | Read the 2013 survey results 8
Central management of mobile
devices and applications
None
Employee training
Detailed BYOD policies
Other
Which company policies and procedures do you
have in place for mobile devices?
0% 10% 20% 30% 40%
Which company policies DO
you have in place for mobile devices?Q6
Central management
of mobile devices
and applications
(39 percent) tops the list of BYOD
policies and procedures currently
in place. 32 percent of organizations
say they do not have any policies
or procedures in place.
10. BYOD & MOBILE SECURITY | Read the 2013 survey results 9
Mandatory use
of encryption
(40 percent) is the most used risk
control measure for mobile devices.
34 percent of organizations say
they have no risk control measures
in place.
Mandatory use of encryption
None
Endpoint Integrity Checking
Auditing of mobile devices
Attack and penetration testing
of mobile applications
Which risk control measures are in place for mobile devices?
0% 10% 20% 30% 40%
Other
Which risk control measures
are in place for mobile devices?Q7
11. BYOD & MOBILE SECURITY | Read the 2013 survey results 10
85 percent of organizations
have most of their intellectual
property and sensitive data
stored in the
datacenter/network.
Where is most of your intellectual property and sensitive data stored?
Datacenter / Network
Device / Endpoint
Cloud
Other
0% 20% 40% 60% 80% 100%
Where is most of your intellectual
property and sensitive data stored?Q8
12. BYOD & MOBILE SECURITY | Read the 2013 survey results 11
77 percent of organizations are
most concerned about protecting
business and
employee data.
Business and employee data
(in databases, apps, etc)
Documents
Emails
Contacts
What type of intellectual property and sensitive data
are you most concerned about?
Images
Text messages
Voice conversations
0% 20% 40% 60% 80%
Other
What type of intellectual property
& sensitive data are you most concerned about?Q9
13. BYOD & MOBILE SECURITY | Read the 2013 survey results 12
Mobile device
management
tools(MDM)
are most frequently used by
40 percent of organizations to
monitor and govern mobile devices.
22 percent of organizations say
they have no tools to monitor
and govern mobile devices.
Mobile Devices Management
(MDM) Tools
Endpoint Security Tools
Network Access Controls (NAC)
Endpoint Malware Protections
Which tools are used to monitor and govern the handling of mobile devices?
None
Configuration Controls
/Lifecycle Management
Other
0% 10% 20% 30% 40%
Which tools are used to monitor
and govern the handling of mobile devices?Q10
14. BYOD & MOBILE SECURITY | Read the 2013 survey results 13
45 percent of organizations
embed personal mobile
devices via
guest networking
and separate
networks.
How are current mobile devices embedded in your organization’s IT-infrastructure?
0% 10% 20% 30% 40% 50%
Guest networking / separate
networks for personal mobile devices
Incident management procedures
are employed / amended
An application repository exists
for mobile devices
Other
None
How are current mobile devices
embedded in your organization’s IT-infrastructure?Q11
15. BYOD & MOBILE SECURITY | Read the 2013 survey results 14
32 percent of organizations
are considering or implementing
on-premise BYOD
solutions.
In order to meet your BYOD objectives and deploy relevant technologies,
have you considered or already implemented one of the following?
0% 5% 10% 15% 20% 25% 30% 35%
On premise solutions
None
Cloud (SaaS) solutions
Other
Hybrid of cloud and
on-premise solutions
How are you deploying
BYOD solutions?Q12
16. BYOD & MOBILE SECURITY | Read the 2013 survey results 15
The most important success
criterion of BYOD deployments is
maintaining security
for 70 percent of organizations.
Employee productivity ranks
second with 54 percent.
Security
Employee productivity
Usability
Device management
What are your most important success criteria for BYOD deployments?
Cost reduction
Innovation
Technology consolidation
0% 20% 40% 60% 80%
Other
What are your most important
success criteria for BYOD deployments?Q13
17. BYOD & MOBILE SECURITY | Read the 2013 survey results 16
Email accounts (49 percent),
access and authentication
(47 percent), and acceptable
usage & employee education
(42 percent) are the
top-3 mobile
device policy topics
for organizations.
Email accounts
Which topics are covered by your company's Mobile Device Policy?
Access and authentication
Acceptable usage
/ employee education
Device wiping
Stored data
Malware protection
Configuration
Applications
Guest networking
Location tracking
SMS
Other
We don’t have a mobile
device policy
0% 10% 20% 30% 40% 50%
Which topics are covered BY
your company’s Mobile Device Policy?Q14
18. BYOD & MOBILE SECURITY | Read the 2013 survey results 17
Logging, monitoring
and reporting
are the most required features
(69 percent) of mobile device
management tools (MDM).
Logging, monitoring and reporting
In your opinion, which capabilities are required for
Mobile Device Management (MDM) tools?
Centralized functionality
Malware protection
Ease of deployment
Configuration controls
Endpoint Integrity Checking
Role-based access rules
Flexible configuration to support
different requirements and parameters
Harmonization across mobile
platform types
Integration with other Endpoint
Management Systems
Other
0% 20% 40% 60% 80%
which capabilities ARE REQUIRED
for Mobile Device Management (MDM) tools?Q15
19. BYOD & MOBILE SECURITY | Read the 2013 survey results 18
60 percent of
organizations
have not yet
adopted BYOD,
but are considering it. Only
10 percent of non-adopters are
ruling it out. 24 percent are
actively working on policies,
procedures and infrastructure
for BYOD.
Not yet adopted, but considering
Working on the policies, procedures and
infrastructure to enable BYOD
Currently evaluating the cost
/ benefits of BYOD adoption
BYOD already fully implemented
Which stage of BYOD adoption has been reached in your company?
Considering BYOD adoption within a year
Not yet adopted, and no plans
BYOD will not be permitted
0% 10% 20% 30% 40% 50% 60% 70%
Other
Which stage of BYOD adoption
has been reached in your company?Q16
20. BYOD & MOBILE SECURITY | Read the 2013 survey results 19
A majority of organizations
say they are
less than 50 percent
ready to adopt
BYOD
for their enterprise.
How would you rate your readiness for full enterprise BYOD adoption
(in percent | 100 is completely ready)?
0 10 20 30 40 50 60 70 80 90 100
0%
2%
4%
6%
8%
10%
12%
14%
Readiness in %
Responses in %
How would you rate your readiness
for full enterprise BYOD adoption?Q17
21. BYOD & MOBILE SECURITY | Read the 2013 survey results 20
41 percent of all organizations
create mobile apps
for employees
- 40 percent do not. 18 percent
plan to do so in the future.
Does your organization create / use mobile apps for business
purposes by employees?
0% 10% 20% 30% 40% 50%
Yes
No
Planned in the future
Other
Does your organization create / use
mobile apps for business purposes by employees?Q18
22. BYOD & MOBILE SECURITY | Read the 2013 survey results 21
43 percent of organizations
create mobile apps
for customers
- 40 percent do not. 17 percent
plan to do so in the future.
Does your organization create / use mobile apps for
business purposes by customers?
0% 10% 20% 30% 40% 50%
Yes
No
Planned in the future
Other
Does your organization create / use
mobile apps for business purposes by customers?Q19
23. BYOD & MOBILE SECURITY | Read the 2013 survey results 22
The most popular mobile
business applications are
email, calendar
and contact
management
(85 percent).
Email/Calendar/Contacts
Document access / editing
Access to Sharepoint / Intranet
Access to company-built applications
What do you think are the most popular business applications
used on BYOD devices?
File sharing
Access to SaaS apps such as Salesforce
Virtual Desktop
0% 20% 40% 60% 80% 100%
Video conferencing
Cloud Backup
Other
What are the most POPULAR
business applications used on BYOD devices?Q20
24. BYOD & MOBILE SECURITY | Read the 2013 survey results 23
This survey was conducted in April 2013. We collected 1,650 responses from information security
professionals across the world – here is a detailed breakdown of the demographics.
Software & Internet
What industry is your company in?
0% 5% 10% 15% 20%
Computers & Electronics
Financial Services
Business Services
Government
Telecommunications
Education
Manufacturing
Healthcare, Pharmaceuticals, & Biotech
Energy & Utilities
Retail
Non-profit
Media & Entertainment
Transportation & Storage
Consumer Services
Agriculture & Mining
Real Estate & Construction
Travel, Recreation & Leisure
Wholesale & Distribution
Other
Owner/CEO/President
Director
C-Level (CTO, CIO,
CMO, CFO, COO)
VP Level
Other
What is your career level?
0% 5% 10% 15% 20% 25% 30% 35%
Manager
Specialist
What is the size of your company (number of employees)?
32.6% | 10-99
25.3% | Fewer than 10
22.0% | 100-999
11.4% | 1,000-10,000
8.6% | 10,000+
Operations
Engineering
Product Management
Marketing
Other
What department do you work in?
0% 20% 40% 60%
Sales
IT
Legal
Finance
HR
SURVEY METHODOLOGY
25. BYOD & MOBILE SECURITY | Read the 2013 survey results 24
We would like to thank our sponsors for supporting the
BYOD & Mobile Security Report.
Lumension | www.lumension.com
Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets
security software solutions that help businesses protect their vital information and manage critical risk across network
and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security by delivering
a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data
Protection, Antivirus and Reporting and Compliance offerings. Headquartered in Scottsdale, Arizona, Lumension has
operations worldwide. Lumension: IT Secured. Success Optimized.™
Symantec | www.symantec.com
Symantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our
innovative products and services protect people and information in any environment – from the smallest mobile device,
to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and
interactions gives our customers confidence in a connected world.
KPMG | www.kpmg.com
KPMG delivers a globally consistent set of multidisciplinary services based on deep industry knowledge. Our industry
focus helps KPMG professionals develop a rich understanding of clients’ businesses and the insight, skills, and resources
required to address industry-specific issues and opportunities..
MailGuard | www.mailguard.com.au
The MailGuard Group was founded in 2001 to address the growing online security concerns of business. Recognising that
organisations needed a simple and inexpensive way to manage unwanted email and web content, we pioneered a range
of cloud security solutions to provide complete protection against online threats. Today, we’ve built upon our reputation as
a technological innovator to become a trusted name in enterprise cloud security.
Zimbani | www.zimbani.com.au
Zimbani is an innovative technology consulting firm with a special focus on information security, mobility and cloud.
We help businesses acquire a competitive edge by incorporating the latest technology that can improve their current
performance as well as prepare them for future challenges. Our extensive experience in the industry has helped us
deliver capabilities that can ultimately optimise the service and products offered by our customers. Our aim is to provide
businesses with highly cost effective, trustworthy, productive and innovative solutions that will add value to your business.
With our help our clients have been able to deliver secure, efficient and adaptive services with ease.
SPONSORS
26. BYOD & MOBILE SECURITY | Read the 2013 survey results 25
About the Information Security Community
Over 160,000+ members make the Information
Security Community on Linkedin is the word’s largest
community of infosec professionals. We are building
a network of infosec professionals that connects
people, opportunities, and ideas. If you are involved in
purchasing, selling, designing, managing, deploying,
using ... or learning about information security solutions
an concepts - this group is for you.
Join the
INFORMATION
SECURITY
Community
on LinkedIn
Information
Security
Group Partner
Many thanks to everybody who participated in this survey.
If you are interested in co-sponsoring upcoming surveys, or creating your
own survey report, please contact Holger Schulze at hhschulze@gmail.com.
THANK YOU
27. BYOD & MOBILE SECURITY | Read the 2013 survey results 26
Holger Schulze is a B2B technology marketing
executive delivering demand, brand awareness,
and revenue growth for high-tech companies.
A prolific blogger and online community builder,
Holger manages the B2B Technology Marketing
Community on LinkedIn with over 42,000
members and writes about B2B marketing trends
in his blog Everything Technology Marketing.
Our goal is to inform and educate B2B marketers
about new trends, share marketing ideas and
best practices, and make it easier for you to find
the information you care about to do your jobs
successfully.
Holger Schulze
B2B Marketer
Email
hhschulze@gmail.com
Follow Holger on Twitter
http://twitter.com/holgerschulze
Subscribe to Holger’s
Technology Marketing Blog
http://everythingtechnologymarketing.blogspot.com
ABOUT THE AUTHOR