Enterprises fail to control mobile access
The results of a Courion survey of 988 IT decision makers at large organizations indicate that whilst organizations are confident that they can assure appropriate user access to resources on-site, they become less so when users connect via the cloud or a mobile device.
The problem is exacerbated as the volume of mobile device use increases. Two out of every three large organisations report that they now have employees connecting their own personal mobile devices to the corporate network, and yet more than one out of every five organisations do not have a policy in place to govern this use, or is not aware if such a policy exists.
This has led to a situation in which nearly one in 10 organisations has faced a data breach following the loss of a mobile device that has accessed their network.
Key data derived from the survey:
- On a scale of 0-5, with 5 being very confident, 57 per cent of respondents marked either a 4 or a 5 to indicate their level of confidence that they could control access to resources on their corporate network. That number dropped to 34 per cent when asked about cloud access, and 40 per cent when handling employee access via mobile devices and laptops.
- 88 respondents (nearly one in ten) admitted to having experienced a data breach as a result of a lost mobile device.
- 69 per cent of organisations say their employees are using personally-owned mobile devices to connect to the corporate network.
- Nearly one quarter of enterprises (21 per cent) either do not have a policy in place to govern the use of personal mobile devices on their network, or don’t know if one exists.
Courion recommends that organisations implement and carefully manage a comprehensive access aAssurance strategy in order to define, assess, enforce and verify that the right users have the right access to the right resources and are doing the right things.
Ensuring that employee and contractor identities are matched with the access rights they are given – regardless of device or location – is critical to securing corporate data.