Nearly half of companies queried in a recent survey have nothing in
place to manage mobile data tracking, backup and archiving when it
comes to regulatory compliance, according to recent research from
the BPM Forum.
Adriano Gonzalez, vice president of strategy and programming for
the BPM Forum, said the study was devised to determine where
companies stand on mobile compliance issues. The findings, he said,
show that many companies are lagging on tightening up mobile
compliance issues.
"It's obvious that there's an issue with mobile devices in terms
of security and in terms of loss of sensitive data," Gonzalez said,
adding that the study wanted to pose the question: "How aware is
the industry around the issue of mobile device security?"
According to Gonzalez, recent research from the BPM Forum
indicates that 60% of companies are "stepping up to the challenge"
and have put some form of security in place to protect against data
leakage and fulfill compliance requirements. The remaining 40%,
however, have nothing in place at all, he said. Elsewhere in the
study, nearly two-thirds of respondents said they are moderately or
severely concerned about mobile device security breaches, while a
large minority, about 37%, are only nominally concerned, despite
the negative publicity associated with mobile security
breaches.
What makes those results disheartening, Gonzalez said, is that
roughly half of the respondents said a solid number of devices --
at least a quarter -- within their companies carry critical
applications and information.
"We would've assumed they had this under their belts and taken
care of," Gonzalez said, noting that of the 40% of companies that
have nothing in place, 35% said they are working toward a solution,
while the remaining 65% said mobile compliance and security are not
on their radar screens.
One reason so many companies are not diving into mobile compliance
and security issues, Gonzalez said, is lack of interest.
"Management doesn't have enough focus on it," he said. "They are
entangled in other compliance-related priorities."
Another reason is that many have yet to experience a mobile
security breach or incur the fines and penalties that come with
lack of compliance. Gonzalez said that several respondents believed
it would take a massive security slip to open their companies' eyes
to the growing problem.
Still, IDC estimated earlier this year that there will be close
to 900 million mobile workers worldwide by 2009. Gonzalez said the
companies not even considering solutions need to get with the
program. He added that roughly 75% of respondents to the BPM Forum
survey said they plan to increase the usage of mobile devices
within their organizations.
"A lot of people are not waking up," he said. "Half of the
respondents estimate that 25% of the devices used by their
organization do carry mission-critical or sensitive information.
They have to wake up and smell the coffee."
Gonzalez suggests that companies stimulate conversation and
raise the issue with management. "Raise the flag," he said, adding
that the disconnect between IT and executives as it pertains to
mobile security needs to vanish.