Abstract
EXECUTIVE SUMMARY
In research conducted by Executive Council and Galvin Consulting on the mobile
security market during July and August 2012, CISOs expressed high levels of
concern over most aspects of mobile security. Much of this unease relates to
trends surrounding BYOD - Bring Your Own Device - in which employees utilize
their personal smart devices in corporate settings and connect these devices
to enterprise networks. While increased user education and a requirement that
employees be under the authority of mobile device management solutions have
helped assuage some of these concerns, nearly 90% of the CISOs report that
they are 'very' or 'somewhat' concerned about the security of data
transmitted over personal smart devices within their organizations.
Closely related to issues surrounding BYOD is the lack of device-based
security standards, another key mobile security concern raised by CISOs.
Additional mobile security cautions include a lack of network and device
visibility, lost physical assets, and the use of non-standardized storage,
including services such as Dropbox.
CISOs also raised issues surrounding mobile application security, including
the introduction of viruses and malware when purchasing mobile apps, along
with the practice of allowing end-users to access mobile apps and the
inability to revoke access once granted.
Mobile device clients are another area of security concern for many CISOs,
particularly with regard to peer-to-peer applications,
which allow users to transfer files and share information back and forth
between devices. This is especially challenging in BYOD environments because
corporate IT departments have very little control over the types of
applications installed on personal devices and very little insight into the
security and integrity of those applications.
Mobile Device Management (MDM) platforms are one tool CISOs are using to guard
against mobile security breaches. Our research found generally high rankings
of satisfaction with the effectiveness of current MDM capabilities.
Nevertheless, a majority of CISOs do not believe MDM capabilities alone are
sufficient for overall mobile security, due primarily to the immaturity of the
industry, a desire by CISOs to utilize layers of control, and the inherent
vulnerabilities and architectural weaknesses found in mobile devices.
The tension between IT control and end-user choice surfaced in our study
results, and we found that IT control is generally ranked higher than end-user
choice among CISOs. Nevertheless, security executives also recognize the
benefits of mobile devices in terms of business enablement. The use of mobile
tools in critical business logic and business work flow is only expected to
accelerate.
As mobile devices become more ubiquitous, CISOs are expected to devote a
higher percentage of their IT budget to mobile security. A majority of CISOs
are currently spending five percent or less of their IT budgets on mobile
security, but that percentage is expected to shift: a majority of security
executives report that in the next 12 months they will spend between six and
10 percent of their budgets on mobile security.
While our research found that a majority of CISOs are using VPN connections to
deploy mobile devices today, security executives are also interested in
exploring the use of application tunnels. Additionally, CISOs report a desire
to replace shared keys with internal wireless networks utilizing 802.1X and
network access control, technologies that are generally considered more secure
than shared keys, particularly as employees increasingly connect personal
smart devices to corporate networks.
METHODOLOGY
Executive Council and Galvin Consulting interviewed 100 US Chief Information
Security Officers (CISOs) in July and August 2012 about the state of mobile
security within their organizations. We also asked participants about their
future plans for mobile security technology. CISOs were selected randomly and
participated in telephone interviews.
Of the 100 CISO respondents, 23% represent organizations with over $10 billion
in annual revenue, 19% are from organizations with $5-10 billion in revenue,
37% represent organizations with between $1-5 billion in annual revenue, and
the remainder (21%) work in organizations with less than $1 billion in annual
sales.
The firms represent a broad cross-section of vertical industries, including
financial services, communications, business services, retail, manufacturing,
education, health care, government, energy, media, technology, transportation,
engineering/construction, wholesale/distribution, utilities, and aerospace.
All questions that used a 10-point scale designated '1' as the
'least important' or 'least satisfied' value and '10' as the
'most important' or 'most satisfied' value.
ABOUT GALVIN CONSULTING
Galvin Consulting publishes syndicated research on mobile technology,
including Smartphones in the US Enterprise, Transforming Healthcare through
mHealth Solutions, and Mobile Device Management: Key Considerations in
Evaluating & Selecting a MDM Solution. Additionally, Galvin Consulting has
supported direct clients and mid-tier research firms on custom market
intelligence and primary research projects. Analyst expertise extends from
mature hardware and software technology to emerging markets.
Table of Contents
- Executive Summary
- BYOD Highlights Importance of Mobile Security Management
- Key Mobile Security Concerns
- Mobile Application Security
- Mobile Device Clients
- Connections to Back-end Systems
- Remote Device Security
- Mobile Security and Mobile Device Management
- Satisfaction With Mobile Device Management Solutions
- Cloud-Based Mobile Device Management and Mobile Security
- Organizational Priorities And Mobile Security
- Impact Of Mobile Security Concerns On IT Budgets
- Interest In App Tunnels and Better Internal Wireless Networks
- Device Deployment Supporting VPN Connections
- Changing Strategies For Internal Wireless Networks
- Interest In 802.1X and Network Access Control
- Little Concern Over 802.1X and NAC Implementation Or Cost
- Conclusion
- Methodology
- About Executive Council
- About Galvin Consulting
- Disclaimer
LIST OF FIGURES
- Figure 1: Perception of Pervasiveness of Personal Smart Devices in US
Enterprises
- Figure 2: Percentage of US Enterprises Supporting BYOD
- Figure 3: CISO Concern about Data Transmitted over Personal Smart Devices
- Figure 4: Key CISO Criteria in Support of BYOD
- Figure 5: Impact of BYOD on Measures taken for Network Security
- Figure 6: Key CISO Mobile Security Concerns
- Figure 7: Top CISO Security Concerns when Purchasing Mobile Applications
- Figure 8: CISO Plans to Deploy Device Security within the Next 12 Months
- Figure 9: Key CISO Concerns when giving End-users Access to Mobile
Applications
- Figure 10: Key CISO Concerns when Developing Mobile Apps In-house
- Figure 11: Mobile Security Client-Related Concerns
- Figure 12: CISO Confidence with Ability to Prevent Security Breach to
Back-end Systems
- Figure 13: CISO Satisfaction with Remote Device Management across
Different OS Platforms
- Figure 14: Best Practices for Mobile Security
- Figure 15: Effectiveness of Current MDM Mobile Security Capabilities
- Figure 16: Confidence in MDM Capabilities for Overall Mobile Security
- Figure 17: Types of Vendors used to support Mobile Security Needs
- Figure 18: CISO Confidence that Containerized Solutions Truly Separate
Personal and Corporate Data
- Figure 19: Key CISO Security Concerns with Cloud-based MDM Solutions
- Figure 20: Organizational Priorities for Mobile Security
- Figure 21: Percentage of Overall Budget Spent on Mobile Information
Security Today
- Figure 22: Percentage of Additional Budget Expected to be Spent on Mobile
Information Security within 12 Months
- Figure 23: Mobile Device Deployment Supporting VPN Network Connections
- Figure 24: CISO Plans to Provide Different Levels of Access for Generic
versus Enterprise Devices
- Figure 25: CISO Interest in Utilizing Application Tunnels Instead of VPNs
for Back-end Access
- Figure 26: CISO Preference for Running Internal Wireless Networks on
802.1X and NAC
- Figure 27: CISO Interest in Modifying Infrastructure and Processes to
Support 802.1X
- Figure 28: CISO Interest in Modifying Infrastructure and Processes to
Support NAC
- Figure 29: CISO Concern Regarding the Cost and Ease of Implementing and
Maintaining 802.1X
- Figure 30: CISO Concern Regarding the Cost and Ease of Implementing and
Maintaining NAC
US MOBILE SECURITY: STATE OF THE INDUSTRY was published by Galvin Consulting and Technology Coast Consulting on September 14, 2012. The report consists of 37 pages and the price starts from US $900.