Quocirca Reports | Quocirca Articles | Key Analysts | Questions & Answers
Mobile Security and Responsibility
Taking the Right Attitude to Secure Mobile Technology.
When companies extend their business IT operations to mobile employees, their risks are increased as valuable software, data and devices are taken out of the protected perimeter of the office, and placed in the pockets, pouches and briefcases of users. Business processes may run more efficiently, and employer and employee have more flexibility in how they conduct the working practices, but do both parties gives sufficient attention to their responsibilities. There is a tendency to believe that where there are challenges with a particular use of technology, the solution is to apply yet more technology, but this is of little benefit if the attitudes to its use are complacent or irresponsible.
Key Findings

  • Workplace flexibility is at least as important a driver for mobility as productivity
    While efficiency and productivity are clearly important justifications for adopting new technology, workplace flexibility is the top reason for interest in mobile technology for three quarters of IT professionals. However, those companies that deploy the technology most widely are those with a corporate strategy for mobile working.
  • Mobile security policies are described as "vital" but largely not well implemented
    While the vast majority of IT professionals believe it is vital for security policies to cover the use of mobile, wireless or cellular devices, a third do not have such a policy in place. Although this is less for those with more widespread deployment, still one in five of those companies with broad deployments of both wireless laptops and smart handheld devices do not have effective policies in place for mobile security.
  • Users are recognised as a problem, with attitudes that are often irresponsible and careless
    It is widely realised that mobile users create more challenges than the technology, and alarmingly, a significant percentage of companies think their mobile users have an irresponsible attitude to security, even among those with experience of broad usage.
  • Over-communication helps generate the right attitudes to user responsibilities
    While intranets and emails are default ways to explain policy, many companies take advantage of two-way communication through training, employee induction and management. This is more pronounced for those with experience of larger deployments, and these companies are more likely to believe their users understand what they have to do and more likely to behave responsibly.
  • Many organisations are not setting the right examples
    Most recognise that security is a shared responsibility between organisation and individual employee, but even where security policies are present they are not strictly enforced in over a third of companies. There is a lack of clear leadership from the organisation, and uncertainty as to whether employees in senior positions take security sufficiently seriously.
  • IT managers are cautious and pessimistic about the difficulties caused by mobile devices
    While plenty of emphasis is placed on security, and most IT managers believe smart handheld devices should be protected by a PIN or password, a worrying one in five do not regard a mobile security policy as vital. Half believe mobile users have an irresponsible attitude to mobile security and although many users are given at least some choice of device, IT managers prefer to have a single corporate standard for everyone.
  • But general business managers optimistically tend to underestimate the problem
    While most believe a mobile security policy is important, a third do not believe this to be vital, and are more likely to believe that users are responsible than do IT managers. They are twice as likely to allow users to choose whatever device they want, and would tend to leave it to individual users to decide whether they want to use a password or PIN on their device.