Symantec Corp. (Nasdaq: SYMC) recently announced the results of its 2012 State of Mobility Survey, which revealed a global tipping point in mobility adoption. The survey highlighted an uptake in mobile applications across organizations with 71 percent of enterprises at least discussing deploying custom mobile applications and one-third currently implementing or have already implemented custom mobile applications.
Despite this adoption, almost half (48 percent) of survey respondents mentioned that mobility is somewhat to extremely challenging and a further 41 percent of survey respondents identified mobile devices as one of their top three IT risks. Yet in the face of these challenges, IT is striking a balance between mobile benefits and risks by transforming its approach to mobility to deliver improved business agility, increased productivity and workforce effectiveness.
“We are impressed by the pace of mobile application adoption within organizations,” said CJ Desai, senior vice president, Endpoint and Mobility Group, Symantec. “This cultural change from refusing mobile devices not long ago, to actively distributing and developing mobile applications, has introduced a new set of challenges and complexities for IT staff. Encouragingly, from a security perspective, a majority of organizations are thinking beyond the simple case of lost or stolen mobile phones.”
The State of Mobility Survey reveals the challenges organizations are grappling with in accommodating the mobility tipping point and also identifies and quantifies mobility-associated risks as perceived by IT decision makers. In this survey, more than 6,000 organizations from 43 countries bring to light the change in the usage of mobile devices and mobile applications.
Click through for findings from Symantec’s 2012 State of Mobility Survey, as well as recommendations for successful mobility adoption.
The significant adoption of mobile applications demonstrates remarkable confidence, by organizations, in the ability for mobility to deliver value. This confidence is further supported by a rare alignment between expectations and reality.
Generally, the gains expected from new technologies far exceed the reality upon implementation. However, for the smartphones and tablets currently in use, 70 percent of those surveyed expected to see increased employee productivity, yet 77 percent actually saw productivity gains after implementing. Furthermore, 59 percent of respondents are now relying on mobile devices for line-of-business applications, another sign that mobility has graduated to mainstream status.
As with the adoption of any new technology, mobility is challenging IT organizations. Almost half (48 percent) of respondents mentioned that mobility is somewhat to extremely challenging, while two thirds noted that reducing the cost and complexity is one of their top business objectives.
In Symantec’s view, this increased pain level indicates the transition from small pilots and tactical implementations — where policies are often bypassed and exceptions are made — to enterprise-wide deployments where policy standards across a larger scale introduce greater complexity. This also suggests that many implementations are not yet taking sufficient advantage of their existing enterprise systems and processes, which would alleviate much of the pain and cost that comes with larger scale and resource duplication.
Mobile adoption is not without risks, and IT organizations recognize this challenge. Approximately three out of four organizations indicate maintaining a high level of security is a top business objective for mobility and 41 percent identified mobile devices as one of the top three IT risks, making it the leading risk cited by IT. Concerns are wide-ranging, from lost and stolen devices, data leakage, unauthorized access to corporate resources and the spread of malware infections from mobile devices to the company network.
With mobile devices now delivering critical business processes and data, the cost of security incidents can be significant. The average annual cost of mobile incidents for enterprises, including data loss, damage to the brand, productivity loss and loss of customer trust was USD $429,000 for enterprise. The average annual cost of mobile incidents for small businesses was USD $126,000.
Organizations that choose to embrace mobility, without compromising on security, are most likely to improve business processes and achieve productivity gains. To this end, organizations should consider developing a mobile strategy that defines the organization’s mobile culture and aligns with their security risk tolerance. The following are five key recommendations organizations should consider.
Mobility offers tremendous opportunities for organizations of all sizes. Explore how you can take advantage of mobility and develop a phased approach to build an ecosystem that supports your plan. To get the most from mobile advances, plan for line-of-business mobile applications that have mainstream use. Employees will use mobile devices for business one way or another — make it on your terms.
Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Think beyond email. Explore all of the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated. As you plan, take a cross-functional approach to securing sensitive data no matter where it might end up.
Mobile devices are legitimate endpoints that require the same attention given to traditional PCs. Many of the processes, policies, education and technologies that are leveraged for desktops and laptops are also applicable to mobile platforms. So the management of mobile devices should be integrated into the overall IT management framework and administered in the same way — ideally using compatible solutions and unified policies. This creates operational efficiencies and lowers the total cost of ownership.
As more employees connect their personal devices to the corporate network, organizations need to modify their acceptable usage policies to accommodate both corporate-owned and personally-owned devices. Management and security levers will need to differ based on ownership of the device and the associated controls that the organization requires. Employees will continue to add devices to the corporate network to make their jobs more efficient and enjoyable so organizations must plan for this legally, operationally and culturally.
Look beyond basic password, wipe and application blocking policies. Focus on the information and where it is viewed, transmitted and stored. Integrating with existing data loss prevention, encryption and authentication policies will ensure consistent corporate and regulatory compliance.