Bring Your Own Device Enterprise Mobility - BYOD

The BYOD concept "blurs" the boundaries between work and private life. Today, more and more employees use social networks (for example, Facebook, Twitter and Xing), in which professional and private contacts "converge." The principle of corporate mobility (BYOD - from Bring Your Own Device) is a hot topic in the IT industry, including at the level of large companies. This principle provides that employees of the company use their personal electronic devices - laptops, tablets or smartphones for business purposes . Employees get more flexibility in their work, increased level of satisfaction with work. In addition, BYOD also brings potential for cost savings.

See also: Mobile Device Management (MDM) "'

BYOD in the world

2013

According to IDC research, sales of mobile devices increased by 20% in 2013, which accounted for 20% of all IT sales in the world and led to an increase in the IT market by 57%. At the same time, without the mobile device market, the IT industry would grow by only 2.9%. According to Gartner research, mobile technology and mobile access are among the top 10 CIO priorities this year, and the repository, or enterprise application store, is among the top 10 technology trends of this year.

The use of mobile technologies and mobile access devices is growing. In the US, 78% of office workers use mobile access devices for work purposes. 65% of office workers use mobile communications to do their jobs. According to experts, by 2014, each employee of mental labor will have an average of 3.3 connected devices (in 2012 this figure was 2.8 units).

On average, IT will spend 20% of its budget on mobility initiatives in 2014, up from 17% in 2012.

2011

According to the results of the study "Enterprise Mobility 2011, Taking stock of German companies" investment plans, "conducted in April 2011 by marketers of Berlecon Research, a member of the Pierre Audoin Consultants (PAC) group, in many modern companies, a significant part of the staff is already mobile. In more than half of all reviewed companies, at least one employee out of ten regularly works on a mobile basis. In almost one in five enterprises, more than half of employees work remotely more than once a week. In each third organization, more than half of the employees move continuously across the company's premises. The growth of mobility is especially noticeable in medium-sized enterprises: in 26% of companies with a staff of 250 to 500 people, more than half of employees regularly work outside the office.

Analysts at Berlecon Research believe that the rapid spread of smartphones and tablets in Germany indicates that the issue of corporate mobility is very relevant for business in this country. 80% of German companies use smartphones in everyday work; in every fifth company, they are used by more than half (!) Of the staff. These results are supported by data from the Bitkom association (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e. V.). In 2011, 11.8 million smartphones were sold in Germany, which is more than one third higher than the results of 2010. According to Berlecon, today about 25% of companies use tablets in their daily activities.

Mobile solutions have also gained popularity among private users. According to the latest data from Allensbacher Computer and Technical Analysis (ACTA), 7.3 million people planned to purchase a smartphone in Germany in 2011. According to Bitkom, 2.1 million tablets were sold in Germany in 2011, exceeding their own earlier estimate of 1.5 million units. Manufacturers forecast even stronger market growth in 2012. Industry representatives report that they expect sales to grow by 29% to 2.7 million units in 2012. "Tablet computers are a major part of the consumer device market. The audience of their users is constantly growing, "said Bitkom President Dieter Kempf. Gartner analysts confirm that this trend will cover other countries. According to their forecasts, high growth will continue until 2015, with approximately 326.3 million tablet devices changing ownership by then. In 2011, about 40.5 million iPad devices were sold worldwide.

In May 2011, PAC released the results of a survey of IT managers and CEOs of German companies on the deployment of tablets. The study involved 151 people. The review confirmed that companies value mobile devices and expect them to play an important role in the development of enterprise IT environments. In particular, PAC notes the high potential of mobile applications ERP and CRM. Managers who participated in the study believe that tablets can improve the efficiency of their employees. Among the companies participating in the survey, iPad became the most popular tablet PC.

About 70% of companies believe that the Bring Your Own Device (BYOD) strategy can improve their performance, and 59% believe that its absence deprives organizations of competitive advantages.

However, as noted in Vanson Bourne, three-quarters of respondents (at the end of 2013) claim that BYOD will bring significant benefits only when there is an understanding of the specific requirements of users and how to distinguish their rights. Only 17% of organizations are ready to take control of any user device, following the wishes of their employees.

In general, respondents cited four positive changes for employees: increased flexibility of the work schedule, increased creativity, innovation and more active interaction with colleagues. In addition, the following BYOD strategies note improved productivity, reduced response time, and improved operational efficiency.

BYOD in Russia

2013

The attitude of Russian business to mobility is generally positive, opportunities and a sharp increase in efficiency are exciting. However, the fact that mainly mobilization occurs at the expense of BYOD in an uncontrolled version is cause for concern. The infographic reflects the mood of both employers and employees^[1].

Analysts promise that in a year the number of mobile employees in the world will reach 1.3 billion people, according to rough estimates, this is one in seven inhabitants of the planet. If you take into account that about 70% of the population (4.9 billion people) is employed in the economy, then the share of mobile personnel will be a little less than a third. At the same time, the Russian contingent is free-thinking - 47% of employees will use mobile devices at the workplace even when the employer is banned.

2011

At the end of 2011, the AITI Corporate Mobility Center conducted an analytical study among the heads of IT and business divisions, the purpose of which was to identify the current state, trends and prospects for the development of the corporate mobility market in Russia. The survey method was chosen for the participants of the conference "Corporate Mobility Day/Enterprise Mobility Day," organized by the AIT Corporate Mobility Center. The conference was attended by more than 150 IT and business leaders of medium and large companies and organizations representing various sectors of the economy. 102 questionnaires completed by more than 75% were accepted for analysis, which provided a holistic picture of the affected area of analysis. Respondents were asked to answer 23 comprehensive questions to analyze the following aspects of the use of smartphones and tablets in the corporate environment:

• General view of corporate mobility - demand, motivation, condition, plans
• Users and mobile access to enterprise information systems and resources
• Provide employees with mobile devices and access to corporate information resources and systems
• Constraints on effective business use of mobile technologies
• BYOD - personal mobile devices in the corporate environment
• Enterprise Mobile Application Deployment Scenarios
• Mobile Platforms

These studies confirmed the relevance of the issue of business use of smartphones and tablets in organizations and companies. This is not just a tribute to fashion gadgets brought to the business environment by top managers, but a consequence of the real needs of organizations, including those related to improving communications (81%) and existing business processes (61%).

Mobile access is needed not only by heads of organizations (83%) and departments (81%), setting the tone in the business application of modern mobile devices. In Russia the tendency to formation of the category of employees called IDC "mobile professionals" is clearly visible (mobile professionals, on taxonomy of IDC Worldwide Mobile Worker Population 2009-2013 Forecast). These are employees who have to work a significant part of their time outside their workplace, and yet they need to ensure full, timely and secure mobile access to corporate resources.

The results of the survey showed that organizations pay attention not only to smartphones, but also to tablets. iOS and Android become unconditional leaders among smartphone and tablet platforms. And if recently iPad was de facto the only choice of corporate users, now there is a growing trend in the share of Android tablets (23% of respondents noted), which are considered for use by almost half of the organizations surveyed.

The variety of devices and platforms available on the market, in the context of the lack of updated corporate standards, is the most common reason limiting the effective use of mobile devices (50%). The second most important factor impeding, according to more than 40% of respondents, the effective use of mobile devices in the corporate environment is restrictions on information security. At the same time, the cost of devices as a inhibiting factor is noted by less than a fifth of respondents. This item was only in 6th-7th place, coupled with insufficient readiness of IT/network infrastructure.

Mobile Device Management (MDM/EMM) today uses only 4-5% of medium and large organizations. The introduction of such tools can have a decisive impact on ensuring the legitimacy and transparent control of mobile access to corporate information resources and systems within the framework of policies and regulations adopted in the organization. And more than 65% of IT managers are aware of the need for such solutions, considering the possibility or already planning appropriate implementations in the near future.

"Summarizing the results of our research, we can confidently say that the topic of mobilizing employees of organizations and companies has attracted serious attention from IT departments and the business itself, which often initiates such requests for IT and information security services," comments Sergey Orlik, director of the company's Corporate Mobility Center. - This requires a systematic approach to implementing processes and solutions to "mobilize" employees and business processes. This is the only way companies can effectively solve the problems of fast and secure mobile access to corporate data. "

• You can get acquainted with the full version of the study on the website of the AIT Corporate Mobility Center: http://mobility.it.ru/common/mobility_files/analytic_ru.pdf

Cisco Ike: BYOD Is Easier Than You Think (BYOD - Simpler Than You Think)

In this video, it is clearly and humorously demonstrated that the advantages of BYOD for business not only significantly outweigh the possible disadvantages, but also level them. To ensure security, BYOD technologies distribute users into categories of access to certain resources according to various parameters, creating conditions for comfortable and safe management of any number of completely different mobile devices.

Ike is the hero of a series of videos created by Cisco to popularize promising technologies. The first video featuring this character was released in the spring of 2011 under the name Ike can do IT. Both in the name of the video and in the name of the hero (Ike Theodore (IT) Willis), Ike's close connection with the IT world is played out.

In the spring of 2012, Cisco announced the results of a study called Cisco IBSG Horizons Study, during which Chief information officers and executives of 600 companies in the United States were interviewed. The study showed that IT departments consider it acceptable and sometimes even actively support the principle of "Bring Your Own Device" (BYOD). The survey revealed both tangible benefits and difficulties associated with employees using their own mobile access devices in employer networks. In publishing the results of the study, Cisco recalled its "intelligent" solutions for enterprises that give telecom operators the ability to provide mobile access to customers and end users in the office, home and on the go.

Many enterprises, the study says, have already given way to the BYOD concept. The vast majority (95%) of respondents said that in their organizations, employees are allowed to somehow use their own devices in workplaces. The study also showed that by 2014, each employee of mental labor will have an average of 3.3 connected devices (in 2012 this figure will be 2.8). Under such conditions, IT managers must balance the need to ensure, on the one hand, the security of information and the network, and on the other, support the devices used in order to reduce costs and increase productivity at the expense of BYOD.

Moreover, the survey showed that employees use their own devices at work can provide significant benefits to business. More than three quarters (76%) of IT managers surveyed described BYOD as a factor that in one way or another contributes to the activities of their companies and at the same time creates considerable difficulties for IT specialists. All this indicates that the use by employees of their own devices at work has become irreversible. In this regard, managers recognize the need for a more comprehensive approach that allows for the ability to scale and manage mobility, security, virtualization, and network policies in order to contain management costs while ensuring optimal cost savings.

The results of the study confirm Cisco's view that mobility cannot be limited to the BYOD concept and should include carrier and enterprise mobility, as well as security, collaboration, and desktop virtualization solutions.

Key findings of the study

More and more IT and business leaders endorse BYOD

• 95% of organizations allow their employees to somehow use their own devices in workplaces.
• 84% of respondents not only allow employees to use their own devices, but also provide some support for this.
• 36% of surveyed enterprises provide full support for employee devices. In other words, they provide support for any devices (smartphones, tablets, laptops, etc.) used by employees in the workplace.

The use of mobile technologies and mobile access devices is growing. In the US, 78% of office workers use mobile access devices for work purposes. 65% of office workers use mobile communications to do their jobs. As already mentioned, by 2014, each employee of mental labor will have an average of 3.3 connected devices (in 2012 this figure will be 2.8).

• On average, IT will spend 20% of its budget on mobility initiatives in 2014, up from 17% in 2012.

Respondents noted two main advantages of BYOD: increased employee productivity (more opportunities for collaboration) and greater satisfaction from work.

Employees want to work as convenient as they can. They bring to work their own devices for the effective performance of their duties and for the convenience of work.

• 40% of respondents called "device choice freedom" (i.e., the ability to use a selected device anywhere) their top priority as far as BYOD is concerned.
• The next priority for employees is flexibility in the performance of their duties, that is, the ability to work in any convenient place at any convenient time.
• Employees also want to use their own applications at work. 69% of respondents indicated that unauthorized applications, in particular cloud e-mail, social networking and instant messaging applications, are much more common today than two years ago.
• Employees are willing to invest in improving the efficiency and convenience of their work. According to Cisco IBSG Consulting, a Cisco employee using his own devices additionally spends an average dollars of $600.

The benefits of applying the BYOD concept can be significant, although they vary depending on the position and job responsibilities of the employee. Cisco IBSG estimates that BYOD's annual profit is $300-1300 per employee, depending on its position.

Personal mobile devices at work lead to additional costs

Most organizations that use the BYOD concept or are thinking about starting to do so are concerned that employee gadgets create a dangerous gap in corporate network protection. This conclusion was reached in 2012 by experts of Webroot, a company specializing in computer security. In particular, this problem is relevant for small companies that cannot afford serious additional security spending.

The company's research involved American, British and Australian companies with more than 10 employees. More than half of the companies surveyed said they had to deal with unexpected security threats posed by private mobile devices. 61% of survey participants said that this leads to overload on IT departments and, as a result, reduce their productivity and increase costs.

Problems arise not only with security, but also with the routine operation of mobile devices. So, 63% of companies complained that employees constantly needed the help of a helpdesk to repair, configure and manage smartphones and tablets. Representatives of the helpdesk began to take more than a third of their working time to solve these problems.

The confidence that mobile devices can harm the security of their company was expressed by 82% of respondents. This fear is not justified: employees of 45% of companies lost phones containing important work data, or became victims of theft, and 24% were found to have numerous viruses.

However, mobile devices remain a priority area of ​ ​ work for modern workers, so many companies chose to spend on additional security measures rather than completely stop BYOD. After several attacks, 46% of companies began to install mobile "defense." However, it was available mainly to large players: almost half of the companies that were able to afford mobile protection contain 100 or more employees. However, it is large companies that are most often attacked - 67% of companies with more than 100 employees had certain problems with mobile security.

A potential way out of this situation is to centrally provide employees with all the necessary devices. This approach allows you to not limit the mobility of workers, but at the same time monitor the security of mobile devices.

Ilyin Dmitry, Director of IT Infrastructure of the Company, talks about the development of the BYOD concept at VimpelCom. Managers and employees who require online access to company resources are provided with laptops, mobile devices iPhone and BlackBerry, and iPad devices. They all have access to corporate e-mail. "Until recently, however, full access to the company's internal resources could be obtained only from an enterprise laptop with the Windows operating system," Ilyin said. - Now the company has implemented the service OTP (One Time Password), available to the order for employees of the company. The system made it possible to provide full access to corporate resources from employees' personal devices running Windows, as well as partial access from Android and MAC OS devices. "

The company initiated a project called Enterprise Mobility, within the framework of which it is planned to adapt enterprise applications to work with modern devices such as IPad, Samsung Galaxy and others, to provide their owners with all modern communication capabilities in the form of closely integrated video conferencing systems, short messages, mobile communications, SMS, corporate mail, intranet. The key goal of the project is to simplify access to corporate resources while maintaining a high level of security of access and protection against the leakage of confidential information.

"For this, it is planned to implement a Mobile Device Management class solution that will allow you to manage devices, access, applications on devices, corporate data, guarantee secure access to resources and prevent the leakage of confidential information," says Dmitry Ilyin. - In parallel with the implementation of the relevant policies and regulations, the implementation of the project will make BYOD part of the company's corporate culture. " Naturally, such an approach means a serious reallocation of IT resources in favor of supporting the concept

.

A similar practice is adopted in Yandex. "The main working tool of the yandexoid is a laptop, which is issued on the first day of work in Yandex. The employee can choose the most convenient model and operating system. You can work with a laptop not only from any place in the office, but also if necessary from home, or take with you on a business trip. From the working computer, employees have access to all internal corporate resources (mail, intranet, etc.), and all the license software necessary for work is installed on it. Many employees are also given smartphones (you can choose from several modern models - iPhone, HTC, etc.) or tablets and mobile Internet is paid for, "explained Elina Staviskaya, a representative of Yandex.

Security instructions designed to help businesses reduce the number of threats from mobile devices, among other things, recommend installing proven enterprise software and continuously updated antivirus systems on all personal mobile devices that will be used in the office. It is very likely that the development of BYOD practice will lead to the emergence of industry standards, recommendations for its implementation. At the same time, technical support resources will be seriously redeployed.

BYOD-Savings

According to Gartner research, switching to BYOD technologies can help companies save up to 40% of the cost of purchasing and maintaining employees.

The use of BYOD technologies in the company provides potential savings on hardware, software, infrastructure, as well as contributes to the modernization of IT applications and IT support. Savings depend primarily on how much the company wants to contribute to supporting employees with mobile technology solutions.

According to statistics, about 95% of organizations allow employees to use their mobile devices for work and connect them in one way or another to their infrastructure. At the same time, 84% of organizations provide partial support for these devices, most often this is done without central management tools and does not have any system.

And only about 36% of companies provide full support for mobile devices of their employees. In other words, they provide support for any devices (smartphones, laptops, tablets) used by employees in the workplace.

An organization can have a variety of BYOD-related tasks, from the simplest, such as providing access to mail and calendars from mobile devices, to a comprehensive implementation with access to business solutions.

Of course, the decision to provide the company with full support for mobility depends on the tasks and the degree of influence of the employee concerned. From the undisputed advantages of using BYOD can be called the best integration of each employee's tasks in personal time (work/life balance).

	Alternative Costs	Savings
Hardware	Grants for equipment; additional equipment insurance	On Hardware Purchase
Software	Лицензии, Operating system, antivirus programs	Cost of employee participation in data use
Infrastructure and modernization	Security, Mobile Device Management, Cloud/Browser/Platform-Independent Applications	Снижение затрат на замену оборудования и обновление SOFTWARE
IT Support	Change processes to support multiple devices and platforms, train employees	Lower cost of technical support, promotion of own technical support

Source - Perspektive BYOD. Private Hardware in Unternehmen.

Intensive implementation and utilization of desktop virtualization

Companies recognize the importance of desktop virtualization. 98% of respondents are aware of desktop virtualization technology. 68% of respondents agree that most of the job responsibilities of mental workers can be performed more efficiently in the case of desktop virtualization, and 50% mentioned that desktop virtualization is carried out in their organizations.

Desktop virtualization provides benefits in three main areas, providing 1) business continuity, which in turn allows employees to access applications at different locations and from different devices (for example, even in the event of a server failure), 2) increase employee productivity, and 3) reduce IT costs.

Data protection is the number one task. Ensuring access to sensitive company and customer data is only a top priority for those who need it.

BYOD clouds and strategy increase the need for automatic system IAM

Traditional concepts of perimeter security and protection of the enterprise against penetration as a result of cloud proliferation and BYOD strategy have led to the need to control access to applications. And here, automatic authentication, authorization and access control systems come into play.

The promotion of cloud services in combination with the BOYD strategy complicates access rights and leads to the need to extend security systems beyond the perimeter of the enterprise.

According to a study by Symantec and Cloud Security Alliance, 90% of organizations recognize the need to control access to cloud applications, which will be the most important thing in implementing cloud services. This is the most difficult and expensive factor.

For example, imagine that the company uses Salesforce for its CRM and gives employees access to the system from their mobile devices. If an employee leaves the company, the company must delete his account. But it is also necessary to close the right of access to Salesforce, otherwise the former employee will be able to receive important information about customers. For most organizations, this is still a rather long manual process.

The more data moves to clouds, the more data is available from mobile devices. The traditional concept of security through perimeter protection is becoming untenable. The perimeter is no longer clearly defined. And this leads to the need to implement an Authentication and Access Management (IAM) system that helps monitor account lifecycle and access control.

Manual records management becomes impossible in large organizations

The larger the organization, the more difficult it is to manage accounts. One financial institution, for example, has 30 thousand employees and a thousand applications. If you multiply the number of employees by the number of accounts with access rights to these applications, you get millions of different access options. It is absolutely impossible to keep track of this in manual mode.

Access can be quite labour-intensive, and it is equally difficult to destroy access.

Entering a new employee can take five to six days, this is the loss of his working time. In the field of health care, for example, hundreds of new residents may appear in the hospital within one week. If they can't create the necessary accounts, what do they do? The doctor gives them their access so they can work.

Complexity of Automated IAM

In the past, IAM systems were available only to large enterprises. It is clear why - implementing a system that is automated and gives access rights - is not such a simple task.

The implementation was complex with an infrastructure that contains many applications, systems, and networks. Each such system has a security system optimized specifically for it. Implementing in such a well-established system requires a lot of work and complexity, since in each case it involves a combination of systems in one process. A simple money transfer procedure requires the integration of four applications optimized for specific tasks.

In addition, almost every action is related to who has access to what resources and what he can do with them. Today, IAM systems also move to clouds and can be part of SaaS services. And this allows even the smallest enterprises to use IAM systems.

Generation Y speaks out against corporate policies that prohibit BYOD and the use of cloud services in the workplace

[Fortinet] published the results of a global study in the fall of 2013, which showed that more than half of young employees (47% in Russia) from 21 to 32 years old who took part in the survey are ready to use personal mobile devices, cloud storage services and the latest technologies, such as smart watches, Google Glass, connected to the Internet cars for professional purposes contrary to the prohibiting corporate policy. The study involved 3,200 people from 20 countries aged 21 to 32. The survey was conducted in October 2013. The results of the study showed that the number of employees who do not want to obey BYOD corporate rules increased by 42%, compared to a similar survey by Fortinet 2012 [1]. The new study also shows the extent to which members of Generation Y have been victims of cybercrime, how young survey participants are competent in questions about modern Internet threats, and how widely they use personal cloud services to store corporate data.]

The Fortinet 2013 study was conducted from October 7 to 13, 2013 by the independent Vision Critical company. The survey involved 3200 young employees from 21 to 32 full-time employees with a personal smartphone, tablet or laptop. The survey was attended by 20 countries: Brazil, Canada, Chile, China, Colombia, France, Germany, Hong Kong, India, Italy, Japan, Korea, Mexico, the Netherlands, Poland, Russia, Spain, Taiwan, Great Britain and the USA.

Corporate Policy Violation Trend

Despite the fact that respondents in Russia are quite positive about the BYOD policy that exists today in their company: 51% of survey participants agreed that in general, the BYOD policy in their company has a positive effect on their activities, still 47% said they were ready to use personal mobile devices in the workplace, even if the employer prohibits this. This alarming tendency to ignore security measures extends to other areas of IT. For example, 36% of respondents in the world who have a "personal account" for storing data in the cloud, and 28% in Russia said they intend to violate any rules prohibiting them from using these services for professional purposes. As for new technologies such as Google Glass and smart watches, almost half of respondents in the world (48%) and 52% in Russia replied that they would use them even if corporate rules were introduced to prohibit this.

The growing popularity of technology accessories

When asked how soon technological innovations such as smart watches and Google Glass will begin to be widely used at work, 16% of respondents in the world and 12% in Russia said that "as soon as they go on sale, and 33% (39% in Russia) believe that this will happen when these devices become more affordable. Only 8% of respondents in the world and 4% in Russia believe that these technologies will never be widely used for professional purposes.

Extensive use of "personal rooms" in the cloud to store important enterprise data

89% of survey participants in the world and 80% in Russia have a "personal account" in at least one cloud storage service. According to the study, the most popular service in the world is DropBox (38%). In Russia, the popularity of DropBox turned out to be much less, only 15% of participants said that they used this service. In the world, 70% of respondents (62% in Russia) who have a "personal account" in the cloud used it to store professional data. 12% of this group store passwords in the cloud (only 9% in Russia), 16% - financial information (11% in Russia), 22% - critical documents such as contracts, business plans (14% in Russia). At the same time, a third of survey participants in the world (33%) and 52% in Russia store information about customers in the cloud.

Almost a third of cloud storage users in Russia and the world (32%) who took part in the survey said they fully trust the cloud. Only 6% of respondents in the world and 9% in Russia said they did not trust cloud services and did not use them to store information.

Need to improve IT security literacy

According to the survey, personal PCs and laptops suffer the most from Internet threats. More than 55% of study participants were victims of attacks on personal computers or laptops. In 50% of cases, attacks ended in the theft of personal and corporate data, and also had a negative impact on performance. In Russia, more than 68% of users surveyed admitted that their personal computers and laptops were attacked. Attacks were much less frequent on smartphones (19% in the world and 30% in Russia). A similar percentage was observed for tablets (19% in the world and 24% in Russia).

According to the study, 14% of respondents in the world and 24% in Russia said that they would not inform the employer that they were faced with hacking and theft of corporate data.

The study also showed a large spread of results in responses that determine the level of knowledge of respondents about modern Internet threats. 27% of respondents in the world and in Russia said that they were familiar with the main threats, but did not delve very deeply into the plot. Up to 52% of respondents in the world and up to 55% in Russia admitted that they do not know anything about APT, DDOS or botnets. This has shown the need for investment in staff training in this area.

BYOD Strategy Introduction Steps

Solutionary, a security management service provider, outlined the milestones of introducing the BYOD strategy in its 2013 Threat Report. The proposed phased scheme begins with the development of a policy and includes training of users, compliance with the rules and implementation of mobile antivirus in one form or another. A policy must also be introduced to ensure data encryption and remote erasure, Solutionary indicates. The SANS Institute, which is dedicated to security research and training in this area, offers security policy templates for mobile devices that can be taken as a basis. (Source: Robert Westervelt, CRN/USA)

Analysis first

Organizations will not be able to build effective protection of the corporate network if they do not understand what exactly needs to be protected, Solutionary points out. A thorough analysis will help identify all types of devices already used by employees, and the internal systems and data they access. Once a clear picture is obtained, you can formulate a policy without forgetting to engage a legal adviser. Leadership support is vital for policy success and effectiveness, experts emphasize.

Before you develop a strategy for potential BYOD implementation and application, you need to conduct a detailed analysis of the advantages and disadvantages of the solution.

Common Pro arguments are usually about time savings, ease of handling, or access anywhere. Contra arguments are usually supported by higher costs for network access control, comprehensive compliance with legal and corporate norms, and security, since such an approach requires not only a single strategy, but also increased information security associated with the need to distinguish the business and personal space of an employee on one device.

This process-oriented analysis should be complemented by a cost-benefit analysis and ROI. Which includes administration time costs, software license costs, and possible hardware costs. Because the BYOD project always requires new devices, applications, and processes to be updated and adapted for use by your company. This is followed by the resolution of legal issues, especially with regard to the protection of employees' data.

Prepare Users

The BYOD policy must be communicated to the personnel. This means training, preferably a systematic, comprehensive description of the nature of the threats to which data on smartphones and tablets are exposed. Although the focus will be on corporate data, experts believe that such training will help protect employees themselves, including at home, from cybercriminals, and therefore create a stronger defense line in general.

Do not forget about updates

As soon as the firmware update for the ROM or service pack for the application or OS is available, they must be installed as soon as possible. Installing patches on mobile devices is as important as on personal PCs and servers, writes Solutionary. Organizations may even need to limit the range of supported devices to ensure that all updates are installed in a timely manner.

Prevent overlinking

A redesigned smartphone or tablet will allow its owner to install an abnormal OS and programs that have not been verified by Apple or Google. Expert assessments vary, but most are sure that a small part of users are re-letting their devices. Microsoft Exchange ActiveSync does not have discovery tools, but organizations can use a particular MDM (Mobile Device Administration) package if they want to protect themselves from this side. At a minimum, such a ban on re-letting restricts the use of third-party applications and access to the network and requires entering a PIN or password to unlock the device, Solutionary writes.

Restrict Network Access

Solutionary recommends that organizations introduce Network Access Control (NAC) by restricting device connectivity to individual network or virtual LAN (VLAN) segments. Allow only a minimum of required access to eliminate the loss of sensitive data as much as possible, the company writes.

Remote Erasure - Required

A lost or stolen smartphone or tablet becomes a security risk much more dangerous than malware or data leakage, the company writes. The ability to remotely erase data on the device is an unconditional minimum of security measures. You can use features already built into Exchange ActiveSync (EAS) for this purpose. In addition, with their help, you can require users to enter a PIN on the device and force it to change regularly.

BYOD Security

2022:52% of businesses face data security challenges when using mobile solutions

IDC, with the support of the Open Mobile Platform, prepared a study entitled "Current Challenges of Corporate Mobility." It showed that 52% of companies face problems with data security and transmission infrastructure when using mobile solutions. The company WMP announced this on February 1, 2022.

The corporate mobility market has made a huge step forward against the background of the general digitalization of enterprises. About 90% of the companies surveyed already have a formalized digital reformation strategy, and mobile solutions are part of it, primarily as a tool for obtaining data and improving employee performance. At the same time, the task of digital transformation, which is based on the use of data at all stages of decision-making, has brought the problem of information security to the fore.

According to the results of the study, IDC analysts determined the current state of the corporate mobility market, noting, in particular, that:

• The use of mobile devices in the enterprise environment will be expanded through strategic digital enterprise initiatives;
• Increased investment in enterprise mobile solutions will continue, as enterprises will be more responsive to the work of different categories of employees in order to improve their efficiency;
• Further development of corporate mobility is impossible without the creation of a reliable secure environment in which corporate data is transferred and processed.

Some of the results of the study in numbers:

• 86% of respondents consider the use of enterprise mobile devices to solve problems of corporate mobility to be the most acceptable;
• 73% of participants consider corporate mobility a tool to improve the efficiency of the company, and 62% - to increase employee productivity;
• 58% of respondents believe that eliminating the possibility of transferring data to the cloud outside the Russian Federation will make corporate mobility solutions more popular;
• 52% of respondents consider the security of corporate data and their transmission and processing infrastructure to be the main obstacle to the wider spread of corporate mobility solutions.

Russian companies and organizations need to build a comprehensive strategy for the development of corporate mobility, taking into account the risks associated with the use of foreign-made devices and software. This applies to both internal risks associated with regulatory requirements and external risks arising from the possible cessation of the supply of new technologies, the cancellation of support for acquired solutions, as well as external interference, "said IDC Research Director Russia and SNGelena Semenovskaya. "Further penetration of mobile solutions into the business processes of companies will contribute to a more detailed assessment of risks and increased interest in creating a corporate trusted mobile environment."

The survey involved directors of, and information technology information security digital transformation. Among the respondents were representatives of companies engaged in production construction and the provision of professional, - and transportlogistic utility services, as well as - oil and gas sector a total of 105 companies with a staff of 1,000 employees.

2020

97% of organizations in the world were attacked by mobile devices

40% of small businesses recorded cyber attacks on employees' personal devices

According to a Kaspersky Lab study, 85% of employees of Russian companies, whose staff does not exceed 50 people, use personal devices for remote work during the pandemic. This was announced by the Laboratory on June 9, 2020.

2014

42% companies lose over $250,000 from mobile security incidents

Check Point Software Technologies published a study on mobile security in October 2014. According to him, 95% of IT professionals surveyed face difficulties in protecting and supporting the BYOD concept. This highlights the need for more robust security solutions for personal devices attached to enterprise networks.

The Check Point study "The Impact of Mobile Devices on Information Security" is based on a survey of almost 800 IT professionals in the USA, Australia, Canada, Germany and the UK. The findings highlight the growing challenge of transferring critical corporate information beyond the corporate environment. The report examines in detail the potential threats to mobile security arising from the lack of awareness of employees in the field of IS and lack of proper training.

Key findings:

• The biggest threats are within the organizations themselves - 87% of the professionals surveyed are sure that the biggest problem in the field of mobile security lies in the carelessness of the employees themselves. Almost two-thirds of respondents are sure that the latest high-profile data breaches are associated with employee negligence.
• In corporate networks, the spread of personal mobile devices continues - Despite employee negligence, which provides attackers with the easiest access to corporate data, 91% of IT professionals noted an increase in the number of personal mobile devices connecting to the networks of organizations over the past two years. In 2014, 56% of respondents managed corporate data on employees' personal devices, compared to 37% in 2013.
• The number of mobile security incidents is expected to increase - 82% of IT professionals expect an increase in the number of security incidents in 2015. In addition, 98% expressed their concerns about the impact of mobile security incidents, especially noting the loss and theft of information.
• The cost of mobile security incidents will continue to increase - 2014 showed an increase in the cost of eliminating the consequences of mobile security incidents. 42% of the professionals who took part in the survey noted that their organizations cost mobile incidents over $250 000.
• Android is still considered as the platform with the greatest security risks - The share of risks for Android increased from 49% in 2013 to 64% this year. Thus, this platform has the highest level of risk compared to Apple, Windows Mobile and Blackberry.

75% of apps on employee gadgets are dangerous for employers

More than 75% of mobile applications do not meet basic corporate security requirements, said research company Gartner. Analysts warned that this situation will continue at least until the end of 2015^[2].

The company predicts that in 2014, users worldwide will download almost 139 billion applications to mobile devices. By 2017, this value will increase to almost 269 billion.

Over 90% of enterprises implementing BYOD strategy use third-party mobile applications. Therefore, it is so important to use the mechanisms for checking these applications, the expert emphasized.

Analysts explain that today developers mainly devote their time to the functionality of mobile applications and do not pay attention to their security. Therefore, the risks associated with the use of such programs are mainly caused not by the actions of intruders, but by the lack of any care for data in these applications.

According to Gartner, up to and including 2017, 75% of mobile application protection violations will be associated with the malfunctioning of these applications, and not with attacks on mobile devices. As an example, analysts cite an application to access any free cloud service, which can accidentally get corporate data stored on a smartphone. This situation can lead to the leak of commercial secrets.

2015: The rush to implement "clouds" and BYOD is at the expense of security

The introduction of cloud and BYOD technologies weakens the level of information security of enterprise systems, makes them more vulnerable. This was noted by three quarters of IT specialists surveyed by Trustwave^[3].

54% of the respondents surveyed by Trustwave reported increased pressure on the IP of their organizations, and 57% expect that the pressure in this part will increase. At the same time, in the large business segment, the percentage of respondents who expressed concern about the growth of cyber threats in 2015 is higher - 64%, on average and small business - 48%. The most significant group of respondents (84%) fears reputational and financial consequences, first of all, which can lead to incidents in the field of information security.

The report says that the introduction of emerging technologies like the cloud and BYOD forces to increase the level of information security. At the same time, respondents pointed to the forced need to launch cloud and mobile projects, despite the existing problems in the field of IS. Three quarters of respondents noted that they are forced to launch IT projects that are immature in terms of information security.

John Amaral, senior vice president of Trustwave, stressed: "The study showed that IB specialists, under pressure from business or due to lack of resources, often make the wrong decisions that they consider correct."

"Indeed, the decision on the timing and the very fact of transferring services to the clouds and using employees' personal devices is most often a decision of the company management," said Nikolai Ostapolets, director of the integrated solutions department of Informzaschita. - These technological changes lead to a serious increase in the boundaries of information protection. The lack of sufficient time to prepare and design security systems makes it more administrative and restrictive to work with information, which prevents the benefits of cloud and mobile technology from being fully exploited. "

Respondents noted problems like the discrepancy in the number of employees involved in information security problems, the increase in the number of cyber threats, pressure from top management, which requires data protection despite a lack of resources. 70% of respondents consider the current protection against cyber attacks reliable, but 84% would like to increase the staff of information security specialists. More than half do not mind doubling the IB team, and a third want its quadruple growth.

Kaspersky Lab conducted a survey in Russian companies and, according to this information, cloud technologies in Russia are more popular than the average in the world:

• 56% of Russian companies use server virtualization,
• another 8% plan to implement it over the next year.
• virtual workstations (VDI) have been implemented in a quarter of companies,
• 14% plan to do this soon.

The protection of such infrastructure is noticeably worse, as the survey showed:

• 18% of Russian companies have taken all measures to ensure the information security of cloud environments,
• 65% of organizations partially implemented protection,
• 14% of companies don't think about it yet.

Regarding mobile device protection, according to Kaspersky Lab survey:

• 31% of Russian companies in 2014 paid attention to device protection using security control systems (Mobile Device Security Technologies),
• 24% planned to implement such solutions during 2015
• 14% used MDM systems (Mobile Device Management),
• 16% of companies planned their implementation in the future.

Statistics of threats to mobile devices according to Kaspersky Lab 2014 revealed more than 4.5 million malware for. operating system Android

"The security of clouds and wearables is increasingly worrying for Russian companies, which is directly related to the increase in the level of penetration of virtualization and BYOD technologies into the IT infrastructure of companies," summarizes Denis Legezo, Kaspersky Lab antivirus expert.

How to Enhance Security with BYOD

If you want to let employees use their own devices to work, you need to take some security steps. The following 10 tips will help you with this.

1. Hire a security consultant with mobile experience. 92 per cent of security breaches are found by third parties. A good consultant can not only strengthen your security, but also help you find solutions that you did not even suspect.
2. Install MDM/MAM-software (mobile device management and mobile application management) to manage mobile devices and their security. This is an extremely powerful software that can control security settings subtly enough. This software is produced by several vendors, consult with representatives of other companies, choose the appropriate solution.
3. Require VPN connectivity for all devices. This is standard practice. If you do not have it in your company, it is time to start. The security consultant should be able to help you find the right hardware and software to run the VPN.
4. Require devices to be locked with strong passwords. You'll be surprised when you find out how many people don't even protect their devices with simple passwords.
5. Require data encryption on your devices. To access enterprise data from their devices, employees must pre-configure encryption on them. All data downloaded to the user device must be stored on it in encrypted form.
6. Require antivirus software to be installed . Quite obvious recommendation. You cannot use computers without any malware protection . You can require employees to install company-approved antivirus software.
7. Implement access control sheets and firewalls. It may seem too complicated, but in fact everything is simple enough. A good security advisor helps you close unwanted access to sensitive data and files.
8. Control access to files. Any reference to a valuable file must be recorded and marked. Including automatic calls from service processes such as SFTP.
9. Set up suspicious activity alerts. Based on the access logs described in paragraph 8, configure alerts for unauthorized access attempts and other suspicious activity. Often during attacks, hackers try to remove logs, the absence of log files should also serve as a reason for raising alarms.
10. Set the limit for downloading and installing programs. Programs must be downloaded and installed either from one validated resource or from the company's own application store. Many sites that distribute applications do not monitor the presence of malware among them. Employees of the company should install applications only from reliable sources. The best way to protect this is to distribute the software in its own way.

97% of security breakthroughs could be avoided if basic (strong passwords, antivirus software) and more advanced (firewalls, VPN) measures were provided.

Recommendation from BalaBit:

• Implement IT policies that prevent users from sharing logins and passwords. Even if the password was changed as soon as possible after granting access to a colleague, the security of the corporate network can be compromised.
• If an employee needs to complete a task on behalf of another person, additional training is required. Grant the "alternate" temporary access to the appropriate account or use the digital data store to log on to the network. This allows you to protect user credentials (passwords, private keys, certificates) when accessing the desired server, even when using shared credentials (for example, root).
• Make sure that your company's policies allow you to work in safe mode, because efforts to prevent data breaches will be significantly less than minimizing business risks and compensating for subsequent reputational losses.
• Require secure access (via VPN, SSL, or bastion mode) and authentication if the network is logged on from an unregistered device.
• Monitor user activity in real time and set alerts (or block the session) when suspicious activity is detected on the network. Unlike multi-layer control, the use of monitoring will help prevent data leaks by detecting atypical user actions.

Employees use their own devices with some challenges, such as security and IT support

The main problems of BYOD respondents called security/privacy and the need for IT support for many mobile platforms.

The growing number of devices requires new policies and a cost-control approach. According to Cisco IBSG, only 14% of BYOD costs are related to equipment. Cisco Consulting also notes the importance of choosing the right management and technical support models to control these costs.

78% of senior executives from Europe and the United States report that their employees use their personal devices to work - these are the results of a study conducted in the summer of 2012 by Forrester Consulting analysts commissioned by Trend Micro. These results are supported by the findings of another study performed by Decision Analytics with the support of Trend Micro. All the data collected suggests that consumerization has affected all companies to one degree or another, and the risks it carries for information security are recognized at the highest level of business management.

A study conducted by Forrester Consulting showed that consumerization programs are implemented by the majority (78%) of companies. At the same time, 60% of respondents reported that smartphones became the basis of their BYOD strategy, and 47% of companies deploy BYOD environments based on laptops and tablets. 70% of respondents cited the opportunity to increase the efficiency of employees as the reasons for the introduction of BYOD programs.

However, a study by Mobile Consumption Trends & Perceptions showed that the vast majority (83%) of companies implementing BYOD programs require employees to install protective software on their personal devices as a precaution. In addition, according to Trend Micro, 86% of IT executives from the USA, Great Britain and Germany consider data protection on smartphones to be the "number one problem" in terms of consumerization.

All researchers agree that today consumerization is the daily reality of most large companies. The authors of the Mobile Consumption Trends & Perceptions report give the following figures: in half (47%) of companies that allow employees to connect their personal devices to the corporate network, there were data leaks. As a rule, when such problems are detected, the first measure of protection is the modification of security protocols. As corrective measures, companies choose to impose access restrictions (45% of respondents) and install protective software (43% of respondents). 12% of companies after such an incident decided to curtail the BYOD program until they were convinced of the reliability of the protection measures.

10 myths about BYOD and mobile security

The problems created by the arrival of BYOD (use of personal devices for work) cannot be solved by means of IT alone. Experts help dispel some false views in this area. (Robert Westervelt, CRN/USA)

Organizations seek to limit access from personal devices in order to protect corporate data, but the main thing that needs attention is the risk of losing the device itself and the likelihood that by too limiting the freedom of employees, they can reduce their productivity. These conclusions are based on the results of the BYOD & Mobile Security 2013 study conducted by the Information Security Community on the LinkedIn website commissioned by Lumension Security Inc.

IB companies such as start-up Bluebox say organizations are better off looking at new mobile security practices rather than applying traditional technologies in a changed environment.

Consider some myths about BYOD and mobile security, as well as the recommendations of experts in this field: how to not only better protect devices in organizations, but also ensure the confidentiality of employees themselves.

At the end of 2013, Kaspersky Lab, together with the B2B International analytical agency, conducted a study to find out how companies relate to the Bring Your Own Device (BYOD) policy - the use of personal devices at work. The study shows that almost two-thirds of Russian companies welcome or do not limit the use of mobile devices by employees for working purposes.

According to the results received, representatives of Russian companies less often than their foreign colleagues see a threat to business in the use of personal devices of employees within the framework of corporate infrastructure. A little more than half of respondents (57%) recognized the BYOD trend as threatening, while worldwide this figure was 65%, CNews the company said.

Based on the rest of the data, Kaspersky Lab experts concluded that Russian entrepreneurs currently have mixed feelings about BYOD. On the one hand, they understand that the use of mobile devices by employees in many cases increases efficiency - 29% of companies strongly welcome this trend. On the other hand, BYOD-related threats alert 32% of enterprises that are trying in every way to limit the number of personal devices used. A complete ban on smartphones, tablets and laptops is imposed in 6% of companies. First of all, this is based on the fear of losing important corporate data - 42% of respondents consider this to be the main risk associated with BYOD.

MDM threatens privacy

When an employee finds out that the organization has a mobile device management system (MDM), requiring the use of a PIN or remote erasure, he may have a question: to what extent does IT personnel control his device? According to Bluebox, the correct implementation of MDM cannot cross the boundaries of privacy: it should not track all actions on a personal device or read personal data, and this fact should be communicated to all employees.

The most dangerous is malware

According to a study on the LinkedIn website, which involved 1600 IT administrators, data loss is a much more dangerous threat to organizations (as 75% of respondents say against 47%, respectively). The loss or theft of a mobile device invariably acts as the main threat in most studies on this topic. Studies of F-Secure,, and McAfee Symantec others on mobile malware ON have shown that its main sources are, and Asia Russia Vostochnaya, and Europe most often it comes in the form of Trojan SMS messages that charge increased fees without warning.

MDM Exhausts Mobile Security Tasks

MDM gives organizations more control over employees' personal devices and their access to the corporate network. But the ultimate goal of mobile security should be comprehensive data protection, Bluebox emphasizes, since data easily moves from devices through applications to the cloud, leaving its many copies in the way. Experts point out that data encryption and improved provisioning systems can improve security.

MDM is widely used

Gartner, Forrester Research and other analytics firms counted more than two dozen MDM vendors competing for market share. However, experts say that most of them provide only basic security measures. On the other hand, remote erasure and password enforcement can be achieved through the ActiveSync mobile synchronization service offered by Microsoft. About 60% of organizations did not implement the BYOD strategy, as follows from the answers in the survey for LinkedIn, and a quarter of respondents say that such policies and procedures are just beginning to be developed by them.

BYOD prohibition guarantees security

IT administrators indicated that 28% of all enterprise data is called from mobile devices, and this data can be accessed by more than 50,000 office applications, regardless of whether they are intended for mobile devices. Bluebox emphasizes that organizations should carefully analyze possible weaknesses in their basic information systems that office applications can access.

BYOD is something new

Educational institutions, including universities, have been faced with the phenomenon called "BYOD" for many years and have managed to develop a number of methods and policies to put boundaries. A Bradford Networks study of more than 500 IT professionals from K-12 colleges, universities, and school districts (in the US) found that network access control (NAC) is an important part of their mobile security strategy. Almost 90% of those surveyed in higher education allow the use of personal devices, and 56% say their BYOD policy is automated through NAC.

Organizations create application storefronts

Some MDM platforms allow organizations to manage enterprise storefronts using third-party whitelisting and publishing their own business applications to access enterprise resources. Still, a study on the LinkedIn showed that only 41% of organizations create mobile applications for their employees, and only 18% plan to do this in the future.

Introduction of containers guarantees security

Daniel Brodie, an IB researcher at Lacoon Mobile Security, presented a report at the BlackHat Europe conference, where he showed how to bypass containers using tracking tools embedded in the victim's device. Malware for PCs already uses applications and browser components that use containers or sandboxes to get to data. Unfortunately, I have to recognize Bluebox, there is no absolutely reliable way to firmly lock corporate data.

The main thing is more control

Almost 60% of users "bypass" mobile security features because they reduce their productivity, as a survey on LinkedIn showed. Experts recommend finding the right balance in the issue of permits and prohibitions. In today's world, where the user begins to rule, security tools should be aimed exclusively at corporate data, Bluebox emphasizes.

DLP will protect mobile devices

The data loss prevention system (DLP) provides that either all data can only pass through a fixed perimeter, or heavy software is launched on the terminal device. Neither approach works when corporate data comes from anywhere and goes anywhere, says Bluebox. In the new situation, organizations should consider new approaches rather than using traditional protection technologies blindly. The IB department should consider managing data wherever it is as the first line of defense, Bluebox emphasizes.

KPMG: Mobile security: from risk to revenue

The widespread use of mobile services, along with quite frequent incidents in the field of information security, make you think about what risks threaten the privacy of personal and corporate information. Mobile users want to be sure that their information is protected. 62% of consumers of goods and services admitted that they fear a leak of personal data.

Annual losses of the world economy from cyber attacks on users are estimated at more than 110 billion US dollars; in Russia, this figure exceeds 1 billion US dollars (the same in Japan and Australia, in Europe - 13 billion, in the USA - 38 billion). At the same time, it is in Russia that the most victims of cybercrime are 85%, China is second (77%), South Africa is third (73%) (Norton Report "Norton Cybercrime Report 2013").

In addition to personal information such as contacts, bank card numbers, email addresses, photos, etc., mobile devices, becoming part of the IT infrastructure of organizations, also contain important corporate information, provide access to data circulating within the company's networks. Increasingly, organizations allow employees to use their personal mobile devices to work with corporate data and programs (BYOD - Bring your own device). YAT&T Inc, for example, between 2007 and 2012, growth in wireless traffic amounted to 20,000%, primarily due to the universal use of smartphones.

In more than 90% companies surveyed by Kaspersky Laboratory (2,895 interviews, of which 356 are from Russia), incidents related to information security problems occurred at least once over the past 12 months. 65% of respondents see the main reason precisely in the use of personal mobile devices for corporate purposes. The least among those concerned about the development of BYOD, Russians - 57% (for comparison, in Japan 93%) (Kaspersky Lab report "Global corporate IT security risks 2013").

By installing mobile applications uncontrollably, agreeing to the terms of the license agreements, without reading them, clicking on links from unknown people or on social networks, reading QR codes in elevators, magazines, sites and other sources, people pose a threat to the data that is remotely accessed by this device. Obviously, business needs to address issues that arise from the widespread spread of mobile devices. Organizations need to develop and implement sufficiently stringent policies to reduce the likelihood of certain risks of corporate data leakage. Security features for mobile devices must be implemented, including mandatory password protection and remote erasure to remove sensitive information in the event of theft or loss. At the end of 2012, only 14% of companies have such deployed policies for the safe use of mobile devices within the corporate network. 20% of Russian respondents said that their companies do not have information security policies at all, 46% do not have enough time and budgets for their detailed study, 34% believe that their policies are worked out in detail (Kaspersky Lab Report "Global corporate IT security risks 2013").

Many users do not even imagine that the company has rules for the use of mobile devices: for example, 36% claim that their company does not have rules regarding the use of personal devices for working purposes. 49% of respondents use service devices to send personal emails, 24% of users store personal and service files in the same account (Norton Report "Norton Cybercrime Report 2013").

Demand for information security services can create "greenhouse" conditions for the development of innovative solutions. In order to survive in the long term, telecom operators, in addition to services for transmitting a type of traffic, must also offer "smart services." These can be services for identifying fraudulent transactions from a mobile device, services for identifying suspicious malicious behavior of mobile applications, including sending personal data to third parties. It can also be services for managing personal identity, accounts, and passwords. Operators can offer traffic analysis, identification of data leaks, malicious activity, software computer attacks and security threats to their corporate customers. In addition telecommunication , operator and sector partnerships information technology have the opportunity to offer customers services to develop solutions for creating a secure IT infrastructure that allows distributed work and the transfer of corporate information without worrying about its security.

According to the KPMG study, among the specific steps that can significantly reduce the risks of using mobile devices for corporate purposes, the heads of IT departments of American and European companies noted: the possibility of remote blocking and destruction of data if the device is lost or stolen (83%); Ability to encrypt data on the device (76%) encryption of mail sessions, traffic for specific applications, or mobile VPN (71%).

Oracle: security issues constrain development of BYOD concept in Europe

Oracle Corporation published the Oracle European BYOD Index Report in March 2014, which reveals the current attitude of business representatives in Europe to the BYOD concept.

The report shows some impressive numbers:

• 44% (about half) of European companies currently do not approve of the BYOD concept or allow its use only in exceptional circumstances
• 29% of companies use BYOD devices only by managers
• 22% of companies are strictly prohibited from posting data or information on BYOD devices, and 20% of companies do not have any rules
• More than half of companies do not manage smartphones as part of BYOD program
• Information security is the most important concern - respondents are concerned about the protection of devices (45%), applications (53%) and data (63%)

The results of the study also show that many of these concerns are related to a lack of awareness of the possibilities of modern security solutions:

• 37% of respondents have never heard of container (separation of corporate and personal data)
• Almost a third of respondents do not use Mobile Device Management technology
• 22% of respondents have never heard of Mobile Application Management technologies
• Proponents of the BYOD concept have broader views, using tablets and smartphones as BYOD devices, they successfully cope with many security problems and are ready for a significant development of this concept in the future

"Apparently, the security problem is forcing many organizations in Europe to abandon the BYOD concept and resist its development," said Sukhas Uliyar, Oracle vice president of Mobile Strategy Product Management. - However, technologies such as container, full encryption, and device and application management integrated with a single enterprise identity store are now available in Oracle's mobile technology portfolio and are being deployed by the world's largest Global Fortune 100 organizations. Such technologies can protect BYOD and COPE environments (personal use by employees of devices owned by the company, including for personal purposes). It is necessary that the members of the BYOD ecosystem explain this to their companies. This can lead to a significant increase in the number of European organizations that realize the benefits of BYOD. "

As part of the Oracle European BYOD Index study, Quota, on behalf of Oracle, conducted a survey among 700 European companies regarding the BYOD concept (Bring Your Own Device, employees use their own devices to perform work tasks). In many regions, implementation of this concept has been curtailed, mainly due to concerns about the protection of business data and user identities on devices, as well as application security.

Organizations that practice BYOD have advantages such as reducing IT costs and improving user efficiency compared to organizations that abandon this concept. Currently, there are solutions that offer advanced security controls for enterprise and personal devices and simplify the work of users.

Organizations can flexibly define access rights to corporate information from user devices and maintain more detailed control by isolating corporate and personal data, ensuring secure access to corporate applications and reliable data management.

Supporters and opponents

Among the respondents, two groups can be distinguished - organizations that use BYOD devices (supporters), and organizations that refuse to use them (opponents).

• 83% of supporters manage smartphones and tablet devices as part of the BYOD program. 73% of opponents do not include smartphones in their BYOD approach
• Two thirds of opponents (and only 6% of supporters) express serious security concerns. If you consider specific aspects of security:
• 86% of opponents (and only 21% of supporters) are seriously concerned about data and information protection
• 65% of opponents (and only 7% of supporters) either do not manage the protection of data and information, or store them on devices unencrypted
• Supporters are aware of available technologies - for example, about 80% of supporters (and only 12% of opponents) use any means of managing mobile applications
• Proponents are preparing for changes - more than 2/3 of them either recognize the need to make changes to BYOD devices or approaches, or see that this market is becoming more complex, while only 11% of opponents share such views.

"A

properly implemented BYOD concept can truly deliver significant benefits to companies, including increased employee productivity, reduced IT hardware costs, and the ability to attract the best young professionals more successfully," said Clive Longbottom, Quocirca Research Director. - It is encouraging that some organizations across Europe are using BYOD to gain such benefits, however, the results of the Oracle BYOD Index study have found a real cause for concern in the reluctance of many others to recognize the development of BYOD in and around the companies and to make such changes in their interests. "

Differences by country and industry

Countries:

• The countries of Scandinavia and the DCH region (Germany/Switzerland) are leading in the overall maturity of the BYOD approach, their index values ​ ​ were 5.65 and 5.32, respectively.
• Iberia (Spain and Portugal) and Italy face the greatest difficulties in applying the BYOD concept, as evidenced by their indices 3.87 and 4.05. These countries also have the largest proportion of BYOD opponents.

Industries:

• In general, the telecommunications industry is the leader, with an index value of 6.98, followed by the media industry with an indicator of 6.43.
• At the other end of the scale are financial services with a score of 3.96, as well as the public sector, which received only 3.31.
• Interestingly, in the media industry the largest share of supporters, and in the financial services industry the smallest; in the public sector, the largest share of opponents, and in the telecommunications industry the smallest.

Read also

• Corporate Mobility Market Structure
• 1990.E2.80.931995 History of Russian corporate mobility
• Overview: Mobile Technology for Business
• Russian Mobile Business Application Market

• Mobile Device Management (MDM) Mobile Device Management
• Mobile Device Management Class Product and Project Catalog
• Mobile application management (MAM)
• Mobile content management (MCM)
• Global Corporate Mobility Market