SANS First Annual Survey Results on Mobility Security: Lack of Awareness, Chaos Pervades with BYOD

Apr 02, 2012, 09:15 ET from SANS Institute

BETHESDA, Md., April 2, 2012 /PRNewswire-USNewswire/ -- SANS will be hosting a complimentary webcast on April 12, releasing the results to the First Annual Survey on Mobility Security.

In December, SANS launched its first ever mobility survey to discover if and how organizations are managing risk around their end user mobile devices. What SANS discovered was that only 9 percent of organizations felt they were fully aware of the devices accessing corporate resources, while half felt only vaguely or fairly aware of the mobile devices accessing their resources.

"Another interesting note (that aligns with what we saw on the vendor side at the RSA Security Conference in March) is that organizations are reaching for everything at their disposal to manage this risk," says Deb Radcliff, executive editor, SANS Analyst Program. "Among them are user education, MDM (mobile device management), logging and monitoring, NAC and guest networking, and configuration controls."

Fewer organizations (less than 20 percent) are using end point security tools, but of those, more are using agent-based tools rather than agent-less.

"More than 60 percent of organizations today allow staff to bring their own devices," says SANS Senior Instructor and survey author Kevin Johnson. "With this type of permissiveness, policies and controls are even more important to help secure our environments."

SANS will release full results and a link to a copy of the report during a webcast on April 12, 2012 at 1:00 PM Eastern Daylight Time. To register for the webcast and sign up for a copy of the paper, please visit:

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world. In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.