Do you have a security policy governing data access via mobile devices? Unless things have improved considerably since we asked readers this question last summer, it's even odds you don't. The problem is, employees are using smartphones in their jobs, whether the security team is on board or not. In a July InformationWeek survey, 82% of smartphone owners said they use their devices to read business e-mail, 80% surfed corporate Web sites, and 61% accessed enterprise data.
And don't look to business managers to stifle this trend: 74% of users said they foot their own cellular bills, and 65% paid for the devices out of their own pockets. More productivity at little or no cost to the business. So what's not to like?
Plenty, actually. Mobilizing employees increases productivity, but the security risk is dramatically heightened without IT involvement. Yet just 31% of readers said corporate IT supports smartphones and PDAs. We understand the logic: When the enterprise doesn't own the devices, it can't regulate what users buy. Supporting a mishmash of systems is a nightmare. That's why for years we've advised readers to stay ahead of this trend. Those who didn't now find themselves in an untenable position. While the enterprise might not own the physical assets, it does own the data that end users are storing on them. As soon as corporate information lands on a smartphone, it becomes a business asset that needs to be secured.