Adriano Gonzalez, vice president of strategy and programming for the BPM Forum, said the study was devised to determine where companies stand on mobile compliance issues. The findings, he said, show that many companies are lagging on tightening up mobile compliance issues.
"It's obvious that there's an issue with mobile devices in terms of security and in terms of loss of sensitive data," Gonzalez said, adding that the study wanted to pose the question: "How aware is the industry around the issue of mobile device security?"
According to Gonzalez, recent research from the BPM Forum indicates that 60% of companies are "stepping up to the challenge" and have put some form of security in place to protect against data leakage and fulfill compliance requirements. The remaining 40%, however, have nothing in place at all, he said. Elsewhere in the study, nearly two-thirds of respondents said they are moderately or severely concerned about mobile device security breaches, while a large minority, about 37%, are only nominally concerned, despite the negative publicity associated with mobile security breaches.
What makes those results disheartening, Gonzalez said, is that roughly half of the respondents said a solid number of devices -- at least a quarter -- within their companies carry critical applications and information.
"We would've assumed they had this under their belts and taken care of," Gonzalez said, noting that of the 40% of companies that have nothing in place, 35% said they are working toward a solution, while the remaining 65% said mobile compliance and security are not on their radar screens.
"Management doesn't have enough focus on it," he said. "They are entangled in other compliance-related priorities."
Another reason is that many have yet to experience a mobile security breach or incur the fines and penalties that come with lack of compliance. Gonzalez said that several respondents believed it would take a massive security slip to open their companies' eyes to the growing problem.
Still, IDC estimated earlier this year that there will be close to 900 million mobile workers worldwide by 2009. Gonzalez said the companies not even considering solutions need to get with the program. He added that roughly 75% of respondents to the BPM Forum survey said they plan to increase the usage of mobile devices within their organizations.
"A lot of people are not waking up," he said. "Half of the respondents estimate that 25% of the devices used by their organization do carry mission-critical or sensitive information. They have to wake up and smell the coffee."
Gonzalez suggests that companies stimulate conversation and raise the issue with management. "Raise the flag," he said, adding that the disconnect between IT and executives as it pertains to mobile security needs to vanish.