Sponsored by

| Symantec | KPMG | Zimbani | MailGuard |

2013 survey results

BYOD & MOBILE SECURITY

InformationSecurity

Group Partner

BYOD & MOBILE SECURITY | read the 2013 survey results 1

Welcome to the 2013 BYOD & Mobile Security Report!

Bring Your Own Device (BYOD) is a popular topic this year as more companies are adopting employee-owned mobile devices (or deciding against it for security and data control reasons).

The 160,000 member Information Security Community on LinkedIn conducted the survey “BYOD & Mobile Security 2013” to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend.

The results are in - we received more than 1,600 responses and found interesting insights into BYOD adoption patterns and mobile security practices. We hope you will enjoy the report.

Thanks to everyone who participated in the survey!

Group Owner, Information Security Communityhhschulze@gmail.com | +1 302-383-5817

Holger Schulze

INTRODUCTION

Share the Report

BYOD & MOBILE SECURITY | read the 2013 survey results

The number one benefit of BYOD is greater employee satisfaction and productivity.

A majority of companies are concerned about loss of and unauthorized access to data.

Encryption is the most used risk control measure for mobile devices.

The biggest impact of mobile security threats is the need for additional IT resources to manage them.

The most popular mobile business applications are email, calendar and contact management. The most popular mobile platform for BYOD is iOS/Apple.

2

Top-5 Trends in BYOD & Mobile Security

1

2

3

4

5

SURVEY HIGHLIGHTS

BYOD & MOBILE SECURITY | read the 2013 survey results 3

The top-3 drivers for BYOD are all about keeping employees happy and productive: greater employee satisfaction (55 percent), improved employee mobility (54 percent) and increased employee productivity (51 percent).

Greater employee satisfaction

Improved employee mobility

Increased employee productivity

Reduced device/endpointhardware costs

Reduced operationalsupport costs

Other

What are the main drivers and expected benefits of BYOD for your company?

0% 20% 40% 60%

WHAT ARE THE MAIN DRIVERSand benefits of BYOD for your company?Q1

BYOD & MOBILE SECURITY | read the 2013 survey results 4

While a slim majority of organizations support company-owned devices,

BYOD is clearly on everyone’s radar.

Company-owned devicesare widely used

Privately-owned devicesare in very limited use

Privately-owned devices are widely in use,but not supported by the organization

Privately-owned devices are widely inuse and supported through a BYOD policy

BYOD is under evaluation

Which of the following describes your organization’s overall policy towardsprivately-owned and company-owned mobile devices for business use?

There are currently no plans to use privatedevices within the next 12 months

We plan to allow private deviceswithin the next 12 months

Other

0% 10% 20% 30% 40%

WHICH IS YOURorganization’s BYOD policy?Q2

BYOD & MOBILE SECURITY | read the 2013 survey results 5

BYOD causes significant security concerns: Loss of company or client data (75 percent), unauthorized access to company data & systems (65 percent) and fear of malware infections (47 percent) top the list.

Loss of company or client data

Malware infections

Lost or stolen devices

Device management

Unauthorized access to companydata and systems

What are your main security concerns related to BYOD?

Compliance with industry regulations

Support & maintenance

Other

0% 20% 40% 60% 80%

None

WHAT ARE YOUR MAIN SECURITYconcerns related to BYOD?Q3

BYOD & MOBILE SECURITY | read the 2013 survey results 6

The biggest impact of mobile security threats is the need for

additional IT resources

to manage them (33 percent).

And 28 percent of respondents

report no negative impact from

mobile threats in the past 12

months.

Additional IT resources needed tomanage mobile security

Corporate data loss or theft

Cost of cleaning up malware infections

Increased helpdesk timeto repair damage

None

What negative impact did mobile threats have on your company in the past 12 months?

Don’t know

Disrupted business activities

Reduced employee productivity

0% 5% 10% 15% 20% 25% 30% 35%

The company had to pay regulatory fines

Other

Increased cost due to devices subscribedto premium pay-for-services

WHAT NEGATIVE IMpACT DIDmobile threats have on your company?Q4

BYOD & MOBILE SECURITY | read the 2013 survey results 7

The most popular mobile platform for BYOD is

iOS/Apple (72 percent).

Which mobile platforms does your company support?

iOS / Apple

Android / Google

RIM / Blackberry

Windows / Microsoft

None

All other responses

0% 10% 20% 30% 40% 50% 60% 70% 80%

WHICH MObILE pLATfORMSdoes your company support?Q5

BYOD & MOBILE SECURITY | read the 2013 survey results 8

Central management of mobiledevices and applications

None

Employee training

Detailed BYOD policies

Other

Which company policies and procedures do youhave in place for mobile devices?

0% 10% 20% 30% 40%

WHICH COMpANY pOLICIES DOyou have in place for mobile devices?Q6

Central management of mobile devices and applications (39 percent) tops the list of BYOD policies and procedures currently in place. 32 percent of organizations say they do not have any policies or procedures in place.

BYOD & MOBILE SECURITY | read the 2013 survey results 9

Mandatory use of encryption

(40 percent) is the most used risk control measure for mobile devices.34 percent of organizations say they have no risk control measures in place.

Mandatory use of encryption

None

Endpoint Integrity Checking

Auditing of mobile devices

Attack and penetration testingof mobile applications

Which risk control measures are in place for mobile devices?

0% 10% 20% 30% 40%

Other

WHICH RISk CONTROL MEASURESare in place for mobile devices?Q7

BYOD & MOBILE SECURITY | read the 2013 survey results 10

85 percent of organizations

have most of their intellectual

property and sensitive data

stored in the datacenter/network.

Where is most of your intellectual property and sensitive data stored?

Datacenter / Network

Device / Endpoint

Cloud

Other

0% 20% 40% 60% 80% 100%

WHERE IS MOST Of YOUR INTELLECTUALproperty and sensitive data stored?Q8

BYOD & MOBILE SECURITY | read the 2013 survey results 11

77 percent of organizations are

most concerned about protecting

business and employee data.

Business and employee data(in databases, apps, etc)

Documents

Emails

Contacts

What type of intellectual property and sensitive data are you most concerned about?

Images

Text messages

Voice conversations

0% 20% 40% 60% 80%

Other

WHAT TYpE Of INTELLECTUAL pROpERTY& sensitive data are you most concerned about?Q9

BYOD & MOBILE SECURITY | read the 2013 survey results 12

Mobile device managementtools (MDM) are most frequently used by

40 percent of organizations to

monitor and govern mobile devices.

22 percent of organizations say

they have no tools to monitor

and govern mobile devices.

Mobile Devices Management(MDM) Tools

Endpoint Security Tools

Network Access Controls (NAC)

Endpoint Malware Protections

Which tools are used to monitor and govern the handling of mobile devices?

None

Configuration Controls /Lifecycle Management

Other

0% 10% 20% 30% 40%

WHICH TOOLS ARE USED TO MONITORand govern the handling of mobile devices?Q10

BYOD & MOBILE SECURITY | read the 2013 survey results 13

45 percent of organizations

embed personal mobile

devices via

guest networking and separate networks.

How are current mobile devices embedded in your organization’s IT-infrastructure?

0% 10% 20% 30% 40% 50%

Guest networking / separate networks for personal mobile devices

Incident management procedures are employed / amended

An application repository exists for mobile devices

Other

None

HOW ARE CURRENT MObILE DEVICESembedded in your organization’s IT-infrastructure?Q11

BYOD & MOBILE SECURITY | read the 2013 survey results 14

32 percent of organizations

are considering or implementing

on-premise BYOD solutions.

In order to meet your BYOD objectives and deploy relevant technologies, have you considered or already implemented one of the following?

0% 5% 10% 15% 20% 25% 30% 35%

On premise solutions

None

Cloud (SaaS) solutions

Other

Hybrid of cloud and on-premise solutions

HOW ARE YOU DEpLOYING BYOD solutions?Q12

BYOD & MOBILE SECURITY | read the 2013 survey results 15

The most important success

criterion of BYOD deployments is

maintaining security

for 70 percent of organizations.

Employee productivity ranks

second with 54 percent.

Security

Employee productivity

Usability

Device management

What are your most important success criteria for BYOD deployments?

Cost reduction

Innovation

Technology consolidation

0% 20% 40% 60% 80%

Other

WHAT ARE YOUR MOST IMpORTANTsuccess criteria for BYOD deployments?Q13

BYOD & MOBILE SECURITY | read the 2013 survey results 16

Email accounts (49 percent),

access and authentication

(47 percent), and acceptable

usage & employee education

(42 percent) are the

top-3 mobile device policy topicsfor organizations.

Email accounts

Which topics are covered by your company's Mobile Device Policy?

Access and authenticationAcceptable usage

/ employee educationDevice wiping

Stored data

Malware protection

Configuration

Applications

Guest networking

Location tracking

SMS

Other

We don’t have a mobiledevice policy

0% 10% 20% 30% 40% 50%

WHICH TOpICS ARE COVERED bYyour company’s Mobile Device Policy?Q14

BYOD & MOBILE SECURITY | read the 2013 survey results 17

Logging, monitoring and reporting

are the most required features

(69 percent) of mobile device

management tools (MDM).

Logging, monitoring and reporting

In your opinion, which capabilities are required forMobile Device Management (MDM) tools?

Centralized functionality

Malware protection

Ease of deployment

Configuration controls

Endpoint Integrity Checking

Role-based access rulesFlexible configuration to support

different requirements and parametersHarmonization across mobile

platform typesIntegration with other Endpoint

Management SystemsOther

0% 20% 40% 60% 80%

WHICH CApAbILITIES ARE REQUIREDfor Mobile Device Management (MDM) tools?Q15

BYOD & MOBILE SECURITY | read the 2013 survey results 18

60 percent of

organizations have not yet adopted BYOD,but are considering it. Only

10 percent of non-adopters are

ruling it out. 24 percent are

actively working on policies,

procedures and infrastructure

for BYOD.

Not yet adopted, but considering

Working on the policies, procedures andinfrastructure to enable BYOD

Currently evaluating the cost/ benefits of BYOD adoption

BYOD already fully implemented

Which stage of BYOD adoption has been reached in your company?

Considering BYOD adoption within a year

Not yet adopted, and no plans

BYOD will not be permitted

0% 10% 20% 30% 40% 50% 60% 70%

Other

WHICH STAGE Of bYOD ADOpTIONhas been reached in your company?Q16

BYOD & MOBILE SECURITY | read the 2013 survey results 19

A majority of organizations

say they are

less than 50 percent ready to adopt BYOD

for their enterprise.

How would you rate your readiness for full enterprise BYOD adoption(in percent | 100 is completely ready)?

0 10 20 30 40 50 60 70 80 90 1000%

2%

4%

6%

8%

10%

12%

14%

Readiness in %

Responses in %

HOW WOULD YOU RATE YOUR READINESSfor full enterprise BYOD adoption?Q17

BYOD & MOBILE SECURITY | read the 2013 survey results 20

41 percent of all organizations

create mobile apps for employees

- 40 percent do not. 18 percent

plan to do so in the future.

Does your organization create / use mobile apps for businesspurposes by employees?

0% 10% 20% 30% 40% 50%

Yes

No

Planned in the future

Other

DOES YOUR ORGANIzATION CREATE / USEmobile apps for business purposes by employees?Q18

BYOD & MOBILE SECURITY | read the 2013 survey results 21

43 percent of organizations

create mobile apps for customers

- 40 percent do not. 17 percent

plan to do so in the future.

Does your organization create / use mobile apps for business purposes by customers?

0% 10% 20% 30% 40% 50%

Yes

No

Planned in the future

Other

DOES YOUR ORGANIzATION CREATE / USEmobile apps for business purposes by customers?Q19

BYOD & MOBILE SECURITY | read the 2013 survey results 22

The most popular mobile

business applications are

email, calendar and contact management

(85 percent).

Email/Calendar/Contacts

Document access / editing

Access to Sharepoint / Intranet

Access to company-built applications

What do you think are the most popular business applicationsused on BYOD devices?

File sharing

Access to SaaS apps such as Salesforce

Virtual Desktop

0% 20% 40% 60% 80% 100%

Video conferencing

Cloud Backup

Other

WHAT ARE THE MOST pOpULARbusiness applications used on BYOD devices?Q20

BYOD & MOBILE SECURITY | read the 2013 survey results 23

This survey was conducted in April 2013. We collected 1,650 responses from information security professionals across the world – here is a detailed breakdown of the demographics.

Software & Internet

What industry is your company in?

0% 5% 10% 15% 20%

Computers & ElectronicsFinancial ServicesBusiness Services

GovernmentTelecommunications

EducationManufacturing

Healthcare, Pharmaceuticals, & BiotechEnergy & Utilities

RetailNon-profit

Media & EntertainmentTransportation & Storage

Consumer ServicesAgriculture & Mining

Real Estate & ConstructionTravel, Recreation & Leisure

Wholesale & DistributionOther

Owner/CEO/President

Director

C-Level (CTO, CIO,CMO, CFO, COO)

VP Level

Other

What is your career level?

0% 5% 10% 15% 20% 25% 30% 35%

Manager

Specialist

What is the size of your company (number of employees)?

32.6% | 10-99

25.3% | Fewer than 10

22.0% | 100-999

11.4% | 1,000-10,000

8.6% | 10,000+

Operations

Engineering

Product Management

Marketing

Other

What department do you work in?

0% 20% 40% 60%

Sales

IT

Legal

Finance

HR

SURVEY METHODOLOGY

BYOD & MOBILE SECURITY | read the 2013 survey results 24

We would like to thank our sponsors for supporting the BYOD & Mobile Security Report.

Lumension | www.lumension.comLumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide. Lumension: IT Secured. Success Optimized.™

Symantec | www.symantec.comSymantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world.

KPMG | www.kpmg.comKPMG delivers a globally consistent set of multidisciplinary services based on deep industry knowledge. Our industry focus helps KPMG professionals develop a rich understanding of clients’ businesses and the insight, skills, and resources required to address industry-specific issues and opportunities..

MailGuard | www.mailguard.com.auThe MailGuard Group was founded in 2001 to address the growing online security concerns of business. Recognising that organisations needed a simple and inexpensive way to manage unwanted email and web content, we pioneered a range of cloud security solutions to provide complete protection against online threats. Today, we’ve built upon our reputation as a technological innovator to become a trusted name in enterprise cloud security.

Zimbani | www.zimbani.com.au Zimbani is an innovative technology consulting firm with a special focus on information security, mobility and cloud. We help businesses acquire a competitive edge by incorporating the latest technology that can improve their current performance as well as prepare them for future challenges. Our extensive experience in the industry has helped us deliver capabilities that can ultimately optimise the service and products offered by our customers. Our aim is to provide businesses with highly cost effective, trustworthy, productive and innovative solutions that will add value to your business. With our help our clients have been able to deliver secure, efficient and adaptive services with ease.

SpONSORS

BYOD & MOBILE SECURITY | read the 2013 survey results 25

About the Information Security Community

Over 160,000+ members make the Information Security Community on Linkedin is the word’s largest community of infosec professionals. We are building a network of infosec professionals that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, managing, deploying, using ... or learning about information security solutions an concepts - this group is for you.

Join the INFORMATIONSECURITYCOMMUNITY

on LinkedIn

InformationSecurity

Group Partner

Many thanks to everybody who participated in this survey.

If you are interested in co-sponsoring upcoming surveys, or creating your own survey report, please contact Holger Schulze at hhschulze@gmail.com.

THANk YOU

BYOD & MOBILE SECURITY | read the 2013 survey results 26

Holger Schulze is a B2B technology marketing

executive delivering demand, brand awareness,

and revenue growth for high-tech companies.

A prolific blogger and online community builder,

Holger manages the B2B Technology Marketing

Community on LinkedIn with over 42,000

members and writes about B2B marketing trends

in his blog Everything Technology Marketing.

Our goal is to inform and educate B2B marketers

about new trends, share marketing ideas and

best practices, and make it easier for you to find

the information you care about to do your jobs

successfully.

Holger SchulzeB2B Marketer

Emailhhschulze@gmail.com

Follow Holger on Twitterhttp://twitter.com/holgerschulze

Subscribe to Holger’sTechnology Marketing Bloghttp://everythingtechnologymarketing.blogspot.com

AbOUT THE AUTHOR