Symantec Corp. has announced the results of its 2012 State of Mobility Survey, which revealed a global tipping point in mobility adoption. The survey highlighted an uptake in mobile applications across organisations with 75 percent of New Zealand enterprises at least discussing deploying custom mobile applications (compared with 71 percent globally) and 35 percent of New Zealand organisations (compared with one-third globally) currently implementing or have already implemented custom mobile applications.
Despite this adoption, 50 percent of survey respondents (48 percent globally) mentioned that mobility is somewhat to extremely challenging and a further 38 percent (41 percent globally) of survey respondents identified mobile devices as one of their top three IT risks. Yet in the face of these challenges, IT is striking a balance between mobile benefits and risks by transforming its approach to mobility to deliver improved business agility, increased productivity and workforce effectiveness.
“We are impressed by the pace of mobile application adoption within organisations,” said CJ Desai, senior vice president, Endpoint and Mobility Group, Symantec. “This cultural change from refusing mobile devices not long ago, to actively distributing and developing mobile applications, has introduced a new set of challenges and complexities for IT staff. Encouragingly, from a security perspective, a majority of organisations are thinking beyond the simple case of lost or stolen mobile phones.”
The State of Mobility Survey reveals the challenges organisations are grappling with in accommodating the mobility tipping point and also identifies and quantifies mobility-associated risks as perceived by IT decision makers. In this survey, more than 6,000 organisations from 43 countries (including 150 New Zealand organisations) bring to light the change in the usage of mobile devices and mobile applications.
The significant adoption of mobile applications demonstrates remarkable confidence, by organisations, in the ability for mobility to deliver value. This confidence is further supported by a rare alignment between expectations and reality. Generally, the gains expected from new technologies far exceed the reality upon implementation. However, for the smartphones and tablets currently in use, 65 percent (and 70 percent globally) of those surveyed expected to see increased employee productivity, yet 69 percent (and 77 percent globally) actually saw productivity gains after implementing. Furthermore, 59 percent of respondents around the world are now relying on mobile devices for line-of-business applications, another sign that mobility has graduated to mainstream status.
As with the adoption of any new technology, mobility is challenging IT organisations. Almost half of respondents (50 percent in New Zealand and 48 percent globally) mentioned that mobility is somewhat to extremely challenging, while globally two thirds noted that reducing the cost and complexity is one of their top business objectives. In Symantec’s view, this increased pain level indicates the transition from small pilots and tactical implementations − where policies are often bypassed and exceptions are made − to enterprise-wide deployments where policy standards across a larger scale introduce greater complexity. This also suggests that many implementations are not yet taking sufficient advantage of their existing enterprise systems and processes, which would alleviate much of the pain and cost that comes with larger scale and resource duplication.
Mobile adoption is not without risks, and IT organisations recognise this challenge. Over two thirds (and approximately three quarters of organisations globally) indicate maintaining a high level of security is a top business objective for mobility and 38 percent of New Zealand organisations (compared with 41 percent globally) identified mobile devices as one of the top three IT risks, making it the leading risk cited by IT.
Concerns are wide-ranging, from lost and stolen devices, data leakage, unauthorised access to corporate resources and the spread of malware infections from mobile devices to the company network. With mobile devices now delivering critical business processes and data, the cost of security incidents can be significant. The average annual cost of mobile incidents in New Zealand, including data loss, damage to the brand, productivity loss, and loss of customer trust was USD$223,000. The average annual cost of mobile incidents globally for enterprise was USD$429,000 and USD$126,000 for small businesses globally.
Organisations that choose to embrace mobility, without compromising on security, are most likely to improve business processes and achieve productivity gains. To this end, organisations should consider developing a mobile strategy that defines the organisation’s mobile culture and aligns with their security risk tolerance.
Symantec says some key recommendations include:
• Enable broadly: Mobility offers tremendous opportunities for organisations of all sizes. Explore how you can take advantage of mobility and develop a phased approach to build an ecosystem that supports your plan. To get the most from mobile advances, plan for line-of-business mobile applications that have mainstream use. Employees will use mobile devices for business one way or another – make it on your terms.
• Think strategically: Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Think beyond email. Explore all of the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated. As you plan, take a cross-functional approach to securing sensitive data no matter where it might end up.
• Manage efficiently: Mobile devices are legitimate endpoints that require the same attention given to traditional PCs. Many of the processes, policies, education and technologies that are leveraged for desktops and laptops are also applicable to mobile platforms. So the management of mobile devices should be integrated into the overall IT management framework and administered in the same way – ideally using compatible solutions and unified policies. This creates operational efficiencies and lowers the total cost of ownership.
• Enforce appropriately: As more employees connect their personal devices to the corporate network, organisations need to modify their acceptable usage policies to accommodate both corporate-owned and personally-owned devices. Management and security levers will need to differ based on ownership of the device and the associated controls that the organisation requires. Employees will continue to add devices to the corporate network to make their jobs more efficient and enjoyable so organisations must plan for this legally, operationally and culturally.
• Secure comprehensively: Look beyond basic password, wipe and application blocking policies. Focus on the information and where it is viewed, transmitted and stored. Integrating with existing data loss prevention, encryption and authentication policies will ensure consistent corporate and regulatory compliance.