Study: More security policies needed for mobile devices

As people have begun to rely more heavily on smartphones and tablets for critical business operations within their respective organizations, there is a greater need to implement security policies governing the use of these devices. However, according to a new study from CompTIA, a non-profit trade association for the IT community, many companies have yet to develop a formal mobility policy.

In fact, "CompTIA's Trends in Enterprise Mobility" study, which was based on an online survey of 500 business and IT professionals across a variety of industries in the U.S., found that only 22 percent of companies have such a formal policy, while 20 percent of respondents said that their organizations were in the process of building policies at the time of the survey.

"Currently, the primary motivation for a business to adopt a mobility strategy is to enable a mobile workforce and ensure smooth operations," said Seth Robinson, director of technology analysis at CompTIA. "However, the ability to connect to customers in a mobile environment is increasingly important. So any mobility strategy must address the needs of two different groups with distinct needs and requirements."

Among IT professionals surveyed, 70 percent said that security considerations for mobile devices were the greatest risk involved in supporting mobility. Some other challenges faced by survey respondents included:

  • 48 percent of respondents said that the downloading of unauthorized apps was a serious concern.
  • 42 percent were concerned about the potential for lost or stolen mobile devices.
  • 41 percent of respondents were worried about the use of open Wi-Fi networks.
  • 40 percent reported concerns about USB flash drives.
  • And, 40 percent of respondents were worried about the personal use of business devices.

"Issues such as mobile device management and mobile security are really in the beginning stages," added Robinson. "Mobile strategies also involve considerations such as mobile-optimized applications and the supporting infrastructure. Are you going to allow employees to bring their own mobile devices into the workplace? Which devices will you support? Organizations will have to strike a balance between business objectives and security objectives, which may not always be in synch."

For more information about the report, which is available to CompTIA members free of charge, contact