Organizations are getting used to the idea of individual-liable mobile devices in the workplace. As the advancements in technology made mobile devices (i.e. especially smartphones) a lot affordable for everyone, IT departments had to deal with the issue of protecting corporate information on the personal devices that happen to be outside their "control". Along with time, organizations and internal IT departments are becoming more welcoming towards these mainly consumer-grade devices, however, our data indicates that they are now putting mobile device policies in place to ensure the protection of sensitive information.
Based on our end-user survey that we fielded in Q2 2011, the majority of the organizations we surveyed stated that they have a mobile device policy specifically centered on smartphones in the workplace. In terms of industries, health care organizations came in with the highest % that have a mobile device policy (yes, even higher than government organizations) while field mobility organizations came in lowest. VDC believes that this number will only increase going forward as more organizations realize the possibility of sensitive information falling into wrong hands with a lost or stolen device, potential malware attacks directed to mobile devices, employees moving on to other jobs with your company's information on their mobile devices and not being able to control the use of unauthorized software on the personally-owned devices.
As for anticipated changes to the policy, we see organizations are getting stricter in terms of the mobile platforms and brands. While many organizations are accustomed to securing devices running on BlackBerry OS for the past couple of years, they are now being forced to provide support for multiple ecosystems (i.e. Android, iOS, Windows Phone 7). In addition to getting more specific in the list of eligible devices being provided to employees, organizations are moving towards the BYOD trend and away from the more traditional corporate-liable trend. Primary drivers to the BYOD model include achieving higher efficiencies and lower costs with partial reimbursement. Even though corporations were able to negotiate better rates with company-liable deployments, the number of employees that had mobile devices was a lot fewer since the devices were being assigned based on role in the organization.
The improvements made in mobile device and security management solutions enable more and more organizations to join the BYOD bandwagon. With the availability of these solutions, organizations are not solely relying on the common sense of their employees but can put encryption and technology enforcement into place which can include anything from written policies to remove wipe and lock. Thus, VDC believes that providing more education to the employees to raise awareness on device-specific security would be key to success to moving forward.
Also worth noting, is a topic we've written about recently on this blog is the dual persona solutions like Enterproid's Divide or BlackBerry's Balance that have emerged and may prove to be a very effective way of sandboxing work and personal mobile device profiles.