• Profile mobile device support and security practices / pain points.
• Identify key features and use cases for mobile browser security product.
• Spiceworks Voice of IT surveyed IT pros in an online survey.
• Data was collected in April, 2015.
• A total of 160 completed surveys were collected.
Summary of Findings
Mobile Device Support Practices
• Among the mobile devices tested, organizations primarily support laptops/convertibles (96%). Most also support smartphones (89%) and/or tablets (86%).
• Nearly all of the organizations (90%) reported supporting at least one mobile device per employee, most commonly one or two devices per employee.
• Approximately one-third of the organizations do not have a clear preference or standard platform for the mobile devices they support. Of those who do, 33% prefer iOS, 17% prefer Windows, and 16% prefer Android.
• Nearly half of the participating organizations only allow company-owned devices to access the corporate network, and only 16% allow both company-owned and employee-owned devices to access the corporate network.
• The most common types of applications organizations allow mobile devices to access are Internet web apps (84%), followed by intranet corporate apps (61%) and extranet partner apps (40%).
• Most organizations (84%) allow mobile users to access corporate systems through an on premise LAN.
• Access to corporate assets is primarily limited to email/calendar/contacts.
Mobile Device Security Concerns & Practices
• Concern about mobile security threats is nearly universal with 99% of respondents reporting at least some level of concern.
• The attack vectors of greatest concern include malicious file downloads (57%), malicious apps (50%), leakage of sensitive data (49%) and email (48%).
– Only 29% of the respondents are concerned with browser attacks, suggesting more education may be needed on browser risk factors.
• The most common mobile device security challenge experienced, or expected, is limited end-user knowledge regarding risk (52%).
• Other key challenges include enforcing end-user policies (38%) and enforcement of BYOD policies (36%). This suggests that control is a key challenge for mobile device security.
• Organizations primarily secure the mobile devices they support with firewalls (56%), antivirus/malware software (47%), end-user education (46%), Internet filtering (46%), authentication policies (44%) and MDM (40%).
• The most important factors organizations consider for their mobile device security solutions are data protection (76%), central management (67%), and malware isolation (60%).
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program