The 20% of the workforce that is considered high-risk mobile also tends to create the most value for the company, according to an online survey of 4,985 US information workers.
“The really high-risk mobile population is really quite small if you are looking at the US information workforce overall”, commented Matt Brown, a Forrester researcher who worked on the report, State of the Workforce Technology Adoption 2011.
According to the survey, close to half of workers surveyed use either a laptop, tablet, or a smartphone to conduct work when they travel.
The risk posed by mobile workers was calculated based on the types of information they have access to, for example, Health Insurance Portability and Accountability Act controlled information, US export law controlled data, customer data, credit card numbers, and other personally identifiable information, Brown told Infosecurity.
“If you are going to have a risk-based conversation, how much risk do certain decisions have, like agreeing to sanction an iPad for a population of the workforce or agreeing to a smartphone accessing a particular back-office application like a CRM system, let’s have that conversation using data to understand how big the magnitude of that risk is before we make a decision”, said Brown.
The study did not explicitly examine the procedures and policies companies can put in place to reduce risk from mobile devices. “This study was of end-users of technologies….They are accountants, the finance people, the line of business managers, and the executives who use these consumer items and technologies in their day-to-day work. So they can’t really reflect much on what are the remedial actions IT can take in order to secure their devices”, he noted.
The report does recommend that companies focus on application-specific approaches to managing the risk of mobile devices, because applications are the biggest source of risk. It identified email and the calendar as the two most used smartphone applications for work, with 83% and 62%, respectively, of respondents saying that they rely on these apps the most.
“It used to be you could define a perimeter around an organization and that perimeter was one line of security. And then you had server level security and application level security that represented multiple, redundant layers of security, right down to the data layer. What we are finding with mobile devices is that application level security is getting more and more important”, Brown said. He noted that companies are taking more of a selective approach in terms of tactics to secure data for mobile devices.