Survey: mobile data security keeps most CISOs up at night

Security executives want more control, less choice for BYOD

A disturbing 90 percent of chief information security officers are concerned about the security of data transmitted using personal mobile devices within their organizations, according of to a survey of 100 CISOs from various industries conducted by the Executive Council and Galvin Consulting.

Other BYOD concerns troubling CISOs include the lack of mobile-device-based security standards, lack of network and device visibility, lost physical assets, and the use of nonstandard data storage, such as Dropbox.

In the survey, CISOs also raised concerns about mobile app security, such as the risks of introducing malware into their organizations. They were particularly frustrated by the practice of allowing end users to access mobile apps and their inability to revoke access once granted.

The respondents were also troubled by the security of mobile device clients, particularly peer-to-peer applications that enable users to transfer files and share information back and forth between devices. This is especially challenging in BYOD environments because corporate IT departments have little control over the types of applications installed on personal devices and little insight into the security and integrity of those applications, the survey found.

CISOs cited a mobile device management platform as one tool they are using to protect against mobile security breaches. However, a majority of CISOs did not believe MDM capabilities alone were sufficient for overall mobile security because of the immaturity of the industry, a desire by CISOs to use layers of control, and because of the vulnerabilities and architectural weaknesses in mobile devices.

The survey found that CISOs rank IT control as a higher priority than end-user choice when it comes to mobile devices in the enterprise. Nevertheless, security executives also recognize the benefits of mobile devices in terms of business enablement.

While a majority of CISOs are spending five percent or less of their IT budgets on mobile security currently, that percentage is expected to increase in the next 12 months, when a majority of security executives report that they will spend between six percent and ten percent of their budgets on mobile security.

For more:
- see U.S. Mobile Security: State of the Industry executive summary

Related Articles:
Bring your own Mac trend requires rethink by IT administrators
McAfee's App Alert eases BYOD security worries for IT managers
Research findings show dramatic increase in security issues with BYOD