SANS Announces Results of its 2013 Mobile Security Policy and Management Survey

Organizational Pressure to Adopt BYOD; Controls Lag Behind Use

BETHESDA, Md., Dec. 2, 2013 /PRNewswire-USNewswire/ -- SANS announces results of its 2013 mobile security policy and management survey in which 576 IT professionals answered questions about the use of employee-owned devices within their organizations (termed bring your own device or BYOD), awareness and concerns over risk, and how they are (or are not) managing this risk. The survey was sponsored by TCG and the SANS Internet Storm Center.

The professionals who took this survey represent the front lines of IT, setting policy for mobile device use, managing deployments of mobile devices and tackling the tough technical challenges associated with meeting the mobile device operational requirements of end users while maintaining the security requirements of the organization.

"Organizations are feeling the pressure of BYOD adoption, with or without policy and security tools to manage the deployments," says survey author Joshua Wright.  "Tried and true security mechanisms, such as VPN, represent the primary tools used by organizations to protect mobile data, regardless of the limitations and inflexible nature of those solutions."

From the survey, it is clear that BYOD triggers fear and loathing among respondents but is seen as the wave of the future. When asked about what types of controls are in place for such usage, respondents indicated that 48% rely on user education and awareness, while a disconcerting 23% have not deployed any controls. It is encouraging that respondents overwhelmingly agreed that they are not confident with their existing policies.

"Even though convenient access to email is the number one app for enterprise data access, increased adoption of CRM and ERP mobile apps will inevitably increase the mobile risk surface for enterprise networks," Wright adds.

Results and suggestions for updating application controls and device management and reporting will be released during a webcast on Tuesday, December 10, at 1 PM EST. To register for the complimentary webcast please visit www.sans.org/info/144867

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by Joshua Wright.

The SANS Analyst Program, www.sans.org/reading_room/analysts_program, is part of the SANS Institute.

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 25 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

SOURCE SANS Institute