Mobile BYOD users want more security

A survey of more than 4,000 mobile-device users and IT professionals shows wildly abundant use of mobile devices, but profound concerns about security and how employee-owned devices ought to be used for business purposes.

According to the “Trusted Mobility Index,” a survey Juniper Networks undertook to explore the ongoing mobile experience in the U.S., United Kingdom, Germany, China and Japan, mobile-device users on average own three mobile devices, whether they be smartphones, tablets, e-readers or portable video game systems. Eighteen percent of the survey respondents say they own five devices. About three-quarters of respondents are already using some of their mobile devices for sensitive applications, such as online banking and medical information. But the survey reveals considerable anxiety and even confusion about security, and where they should be looking for help or handling of security incidents.

NEWS: Avaya joins crowded BYOD, MDM field 

RELATED: BYOD policy bites vacationing CEO

When asked who they hold accountable for security, there’s the general sense that they think it would be the “service provider” associated with the wireless network, or secondarily, the “device manufacturer” or “software security provider.”

Dan Hoffman, chief mobile security evangelist at Juniper Networks, says it’s evident that many people regard their service providers as they first point of contact, but service providers as of yet are not really making it part of their stated commitments to handle user security issues. “But that’s going to change,” he predicts, saying services providers are very likely to roll security services later this year, based on his own knowledge of the industry.

If a security or privacy incident occurred, 71% of the respondents claimed they would change how they use mobile services or abandon them, especially as concerns online banking, medical and work-related information.

The bring-your-own-device trend sweeping the enterprise is also causing a lot of hand-wringing. IT professionals, of whom there were about 1,500 represented in the survey, indicated that senior management and employees were pressuring IT to support BYOD. But almost half these IT professionals are concerned about future data breaches related to BYOD mobile, not to mention how to support multiple device operating systems. Nine of 10 respondents in the survey said employers should provide the security necessary to protect their personal devices used for work.

“Stealth” adoption of employee mobile devices for work is also evident, as the report notes “many employees circumvent their employers’ official mobile-device policies, with nearly half of all respondents who use their personal devices for work (41%) doing so without permission from the company.”

One-third of the IT professionals in the survey reported their company has already experienced some type of security threat associated with personal mobile devices accessing corporate data, and in China alone that number rose to 69%.

In the survey, Juniper notes that it has identified 8,608 new mobile malware samples in the first three months of 2012, doubling what was seen previously. Hoffman said a large quantity of this new malware, predominantly spyware, is related to the Google Android operating system. However, Android, which does support anti-malware software in a way than Apple iOS does not, is gaining popularity because of that, especially in government circles.

“For the government, that’s a concern,” he noted, saying Android’s more open platform design in that regard is so far proving to be an advantage in mobile-device evaluations being done now at government agencies.

Juniper Networks indicated this is the first year it has done the “Trusted Mobility Index” and intends to conduct a similar survey in coming years as well.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.