Mobile devices are everywhere, especially smartphones, and like it is with most things, there are benefits and curses.
Mobile devices especially the use of employee-owned devices for work purposes are also putting new stress on the IT department, according to the according to the Ponemon Institute’s “State of the Endpoint” study released this week, sponsored by Lumension. The survey shows mobile devices, especially smartphones, are among “the greatest rise of potential IT security risk.”
Use of personal mobile devices for work appears to be growing rapidly. Seventeen percent of the survey’s respondents said more than 75% of the organization’s employees use their personal devices in the workplace; 20% said more than half did.
Roughly half allow some level of connectivity to the corporate network and indicated they “secure them in a manner similar to that already in place for corporate devices;” 12% claimed security standards were even stricter. Twenty-one percent said they allow no such use, while a similar number said they are planning to allow it.
In addition, there are signs IT operations and IT security often fail to work as a team, according to study.
Forty percent said collaboration is “poor or non-existent” and 48% call it adequate, but there can be improvement. Virtualization, mainly VMware and Microsoft Hyper-V, are increasingly the software platforms their organizations support, and 55% say virtualization does require “additional security measures,” with most turning for help with the virtualization vendor or vendors with specialized virtualization security components, according to the survey.
But 41% indicated there is no clear responsibility for virtualization security. Additionally, 21% said IT security was responsible, 15% said IT operations was and 11% said it was the job for IT compliance.
A quarter of the survey’s respondents said they use mobile-device management (MDM) of some kind today and 45% indicated that use would increase in the next 12 months. And whereas only 9% in 2010 cited mobile devices such as smartphones as an area of the greatest risk to the enterprise, this year 48% did.
Microsoft operating systems and applications are most vulnerable to overall IT risks, though slightly less than 2010. There is also deep concern about possible vulnerabilities in third-party applications. And there’s growing nervousness about the Apple Mac operating system, with 25% listing it in their top-three greatest concerns. That’s up from 15% last year who said they worry about the Mac and malware.
In addition, 41% of IT managers are now “very concerned” about Mac malware infections, and another 44% are “increasingly concerned.”
Malware in general continues to be the plague disrupting IT security, according to the survey. About a third cited a “major increase” in all types of malware incidents over last year, and 22% claimed there was a “slight increase.” A majority of organizations said they use anti-virus software, and found it useful, though 21% called antivirus/anti-malware “not effective at all.”
The survey found 43% said there were more than 50 “malware attempts or incidents” their IT organizations had to deal with monthly. That was up from 27% last year. Thirty-two percent said IT coped with between 26 to 50 monthly malware attempts and incidents, 13% said 11 to 25, and only 12% cited less than that.
Thirty-six percent believe their organization was subject to “targeted attacks” aimed specifically at them for purpose of infiltrating the organization.