Even when security policies are in place, IT managers lose confidence in data security when employees are out of the office, an Imation survey finds.
Imation, the company that makes the IronKey secure key drives, has released the results of a survey showing that, despite robust mobile security policies that require protected key drives and encryption, confidence in the security of data on the road remains critically low. We wonder if IronKey was hoping to find higher confidence.
We've advocated tough security for mobile devices in government for years, and Imation was among the first to release a FIPS Level-3 certified thumb drive that not only locked down data with encryption, but it also protected it from physical tampering, destroying the data if anyone tried to crack open the protective armor surrounding the internal circuits.
The Imation survey did not specifically query government, but insofar as government can be considered a large enterprise, the attitudes of top government executives are likely not too far off from the 500 private-sector IT managers who were surveyed.
The biggest surprise is that less than half of the people in charge of IT at their companies trust data security on the road. While 73 percent of respondents were “extremely confident” of data security in the office, that confidence fell to 55 percent for teleworkers, and dropped again to 47 percent when employees are on the road.
The lowered confidence of data on the road existed despite the almost universal application of some form of mobile device usage policy. Separating out just U.S.-based companies, 95 percent of them had a policy that required some form of protection, be it encryption on the device or some form of central management. In fact, the United States was far ahead of the rest of the world in that area, with the next highest level of mobile data security adoption occurring in the United Kingdom, with 80 percent, followed by Canada with 73 percent and Germany with 53 percent.
Imation blames the confidence gap on user behavior and advocated even tighter controls. "The confidence gap among IT security pros, despite enforced security policies on mobile devices, demonstrates the disconnect between the policies themselves and user behavior," said Lawrence Reusing, Imation’s general manager for mobile security. "The fact is that the policies can’t control what users do with the organization’s data.”
Imation recommends employing available technologies to ensure a secure mobile workspace, something the administration is promoting with its recently released Mobile Security Reference Architecture, and what is at the heart of pending legislation such as the Federal Information Security Management Act Amendments of 2013, which recently passed the House on a unanimous vote.
It would be interesting to see a survey strictly of government IT workers, though the results would likely be similar. FIPS Level-3 mobile storage devices have only been around in large numbers for a couple years, and they will work their way into agencies gradually. Mobile policies are still evolving.
But this is all critically important because the number of mobile workers, in private companies and in government, is only going to increase. The Imation survey notes that the IDC's recent mobile worker forecast shows that the number of mobile or telecommuting workers is predicted to reach 1.3 billion by 2015. By then, 37.2 percent of all workers worldwide will be telecommuting or totally mobile. So locking down a working mobile security policy that IT bosses can be confident in now should be a top priority.