US MOBILE SECURITY: STATE OF THE INDUSTRY
|Publisher||Galvin Consulting and Technology Coast Consulting||Product code||250603|
|Publication date||Page information||English, 37 Pages|
In research conducted by Executive Council and Galvin Consulting on the mobile security market during July and August 2012, CISOs expressed high levels of concern over most aspects of mobile security. Much of this unease relates to trends surrounding BYOD - Bring Your Own Device - in which employees utilize their personal smart devices in corporate settings and connect these devices to enterprise networks. While increased user education and a requirement that employees be under the authority of mobile device management solutions have helped assuage some of these concerns, nearly 90% of the CISOs report that they are 'very' or 'somewhat' concerned about the security of data transmitted over personal smart devices within their organizations.
Closely related to issues surrounding BYOD is the lack of device-based security standards, another key mobile security concern raised by CISOs. Additional mobile security cautions include a lack of network and device visibility, lost physical assets, and the use of non-standardized storage, including services such as Dropbox.
CISOs also raised issues surrounding mobile application security, including the introduction of viruses and malware when purchasing mobile apps, along with the practice of allowing end-users to access mobile apps and the inability to revoke access once granted.
The security of mobile device clients is another area of concern for many CISOs, particularly with regard to peer-to-peer applications, which allow users to transfer files and share information back and forth between devices. This is especially challenging in BYOD environments because corporate IT departments have very little control over the types of applications installed on personal devices and very little insight into the security and integrity of those applications.
Mobile Device Management (MDM) platforms are one tool CISOs are using to guard against mobile security breaches. Our research found generally high rankings of satisfaction with the effectiveness of current MDM capabilities. Nevertheless, a majority of CISOs do not believe MDM capabilities alone are sufficient for overall mobile security, due primarily to the immaturity of the industry, a desire by CISOs to utilize layers of control, and the inherent vulnerabilities and architectural weaknesses found in mobile devices.
The tension between IT control and end-user choice surfaced in our study results, and we found that IT control is generally ranked higher than end-user choice among CISOs. Nevertheless, security executives also recognize the benefits of mobile devices in terms of business enablement. The use of mobile tools in critical business logic and business work flow is only expected to accelerate.
As mobile devices become more ubiquitous, CISOs are expected to devote a higher percentage of their IT budget to mobile security. While a majority of CISOs are spending five percent or less of their IT budgets on mobile security currently, that percentage is expected to shift in the next 12 months, when a majority of security executives report that they will spend between six and 10 percent of their budgets on mobile security.
While our research found that a majority of CISOs are using VPN connections to deploy mobile devices today, security executives are also interested in exploring the use of application tunnels. Additionally, CISOs report a desire to replace shared keys with internal wireless networks utilizing 802.1X and network access control, technologies that are generally considered more secure than shared keys, particularly as employees increasingly connect personal smart devices to corporate networks.
Executive Council and Galvin Consulting interviewed 100 US Chief Information Security Officers (CISOs) in July and August 2012 about the state of mobile security within their organizations. We also asked participants about their future plans for mobile security technology. CISOs were selected randomly and participated in telephone interviews.
Of the 100 CISO respondents, 23% represent organizations with over $10 billion in annual revenue, 19% are from organizations with $5-10 billion in revenue, 37% represent organizations with between $1-5 billion in annual revenue, and the remainder (21%) work in organizations with less than $1 billion in annual sales.
The firms represent a broad cross-section of vertical industries, including financial services, communications, business services, retail, manufacturing, education, health care, government, energy, media, technology, transportation, engineering/construction, wholesale/distribution, utilities, and aerospace.
All questions that used a 10-point scale designated '1' as the 'least important' or 'least satisfied' value and '10' as the 'most important' or 'most satisfied' value.
Galvin Consulting publishes syndicated research on mobile technology, including Smartphones in the US Enterprise, Transforming Healthcare through mHealth Solutions, and Mobile Device Management: Key Considerations in Evaluating & Selecting a MDM Solution. Additionally, Galvin Consulting has supported direct clients and mid-tier research firms on custom market intelligence and primary research projects. Analyst expertise extends from mature hardware and software technology to emerging markets.