Search

Brian Pennington

A blog about Cyber Security & Compliance

Tag

BYOD

BYOD security market to reach over $337 million

Technavio’s market research analysts expect the global BYOD security market to reach over $337 million between 2016 and 2020 

The increased use of mobile devices, triggered by the growing need for employee mobility, is the fundamental driving force behind growth in this market.  

The increase in employee mobility and the rising adoption of the Bring-Your-Own-Device (BYOD) policy is leading to the increased use of mobile devices. Enterprises are increasingly adopting BYOD security solutions to secure their networks from growing security threats and to provide secure access to confidential information. 

North America accounts for more than 36% of the market share to dominate the global BYOD security market. The growing awareness among enterprises about the benefits of using BYOD security solutions on mobile devices coupled with the rise in the number of cyber-attacks and malware are some of the key factors contributing to the growth in the BYOD security market in the Americas during the forecast period.

The growing popularity of cloud-based BYOD security is the latest trend in the global BYOD security market. Cloud-based BYOD security does not require any hardware or software and can be controlled remotely, making it cost-effective for the end-users. Also, it has a faster response rate to the new security threats and unauthorized activities as well as allows companies to use software products on a pay-per-use basis and are cost effective. Limited hardware infrastructure, less dependency on internal IT personnel, faster implementation of IT solutions, no licensing costs, and low maintenance costs are some of the advantages of a cloud-based BYOD security system,” says Amrita Choudhury, Lead Analyst, ICT, Technavio Research.

Currently, the Mobile Content Management (MCM) segment occupies almost 52% of the market share to dominate the global BYOD security market. MCM is gaining prominence among large enterprises, government organizations, and small and medium-sized business (SMBs) because of the increased acceptance of the BYOD policy.  

Some vendors in the MCM market are even providing additional security features in the products that they are offering to gain consumer interest and market shares. For instance, AirWatch provides the Secure Content Locker that comprises of secure storage containers to safeguard data stored on mobile devices. 

The key vendors in the global BYOD security market include Citrix Systems, Good Technology, IBM, MobileIron, and VMware. The global BYOD security market highly fragmented owing to the presence of many international, regional, and local vendors. Established BYOD security solution vendors are likely to acquire small vendors to expand their product portfolio and increase their market share.  

During the forecast period, the level of vendor competition is likely to intensify with product and service extensions, technological innovations, and M&As.

 

Are British Businesses over confident about the threat of data breaches?

Ilex International have launched their Breach Confidence Index. The Index is a benchmark survey created to monitor the level of confidence that British businesses have when it comes to security breaches. The Index shows high confidence levels

  • 24% of IT decision makers surveyed very confident
  • 59% fairly confident that their business is protected against a data security breach

The Breach Confidence Index raises major concerns for British businesses. Businesses are not currently required to report security breaches and in many cases, may not even know that they have experienced one. The survey found that 49% said their business has not experienced a security breach. In comparison to actual statistics shared at the 2015 Cyber Symposium, there is a major gap between the perception and reality of security breaches among businesses.

According to the survey the most common weaknesses resulting in a Data Breach were
22% MALWARE VULNERABILITIES
21% EMAIL SECURITY
15% EMPLOYEE EDUCATION
12% CLOUD APPLICATIONS
12% INSIDER THREATS
8% ACCESS CONTROL
8% BYOD OR MOBILE ACCESS
6% NON-COMPLIANCE TO CURRENT REGULATIONS

Weaknesses relating to identity and access management considerably increase as organisations expand their workforce. Some of the most common issues highlighted by large businesses include:

  • 44% insider threats
  • 42% employee education
  • 26% access control
  • 24% BYOD or mobile access

All figures in the Ilex International Breach Confidence Index, unless otherwise stated, are from YouGov Plc. Total sample size was 530 IT Decision Makers. Fieldwork was undertaken between 6th – 12th August 2015. The survey was carried out online.

Policy problems with cloud Storage revealed by survey

UK companies are placing themselves at risk of cyberattacks and data breaches as a result of rampant use of cloud storage services and unclear or non-existent corporate policies according to research released today by WinMagic Inc. The survey, conducted by CensusWide, of 1,000 office workers in organisations of 50 or more employees revealed widespread, and often unilateral employee use of cloud storage services could be leaving businesses with poor visibility of where their data is stored, placing potentially confidential data at risk.

Key Findings

  • 65% of employees don’t have or don’t know the company policy on cloud storage
  • 1 in 10 employees who use cloud storage services at least once a week have no confidence in the security of their data saved and accessed from the cloud
  • Cloud storage use varies widely – 41% use cloud services at least once a week, whilst 42% never use these services at all
  • 1 in 20 employees who use cloud services at least once a week, do so despite these services being restricted by their company
  • 35% of employees used a company sanctioned service
  • 43% were unaware of their employer’s policy on the use of these services. In addition, of those that use cloud storage at least once a week
  • 50% of respondents use personal equipment to access work information and services at least one a week
  • 47% of employees use company-issued equipment at home at least once a week

Darin Welfare, EMEA VP at WinMagic, said: “This survey highlights the challenge businesses face when managing data security in the cloud. IT teams have had to cede a level of control as employees have greater access to services outside corporate control and this research indicates that IT must take additional steps to protect and control company data in this new technology landscape. The wide range of employee adoption of these services also means an additional layer of complexity when devising corporate policies and education programmes for the use of cloud storage services.”

Employees are increasingly accessing work documents and services outside the office, particularly among regular users of cloud storage. The survey revealed 70% of employees who use cloud storage at least once a week will also use work equipment at home at least once a week, significantly higher than the UK average of 47%.

The WinMagic survey highlights a clear disparity between employee use of cloud services and company IT policy, which suggests that businesses must increase focus on devising clearer security policies and better staff training programmes in order to minimise the risk for the business.

Darin Welfare added: “One of the key steps that any organisation can take to mitigate the risk from the widespread use of unsanctioned cloud services is to ensure that all company data is encrypted before employees have the opportunity to upload to the cloud. In the eventuality that the cloud vendor does not adequately put in place control mechanisms and procedures to ensure security across their infrastructure, sensitive and valuable corporate data is still encrypted and cannot be accessed and understood beyond those who have the right to. This approach provides the company with the assurance that the IT team is in control of the key and management of all company data before any employees turn to cloud storage services.”

“This survey should serve as a wake-up call for IT teams to focus resources on crafting the stringent security policies, and employee education programmes that will help the business stay secure. It also indicates that this is not something that is only down to employee behaviour. Businesses need better training for all staff on the potential dangers of cloud services. Businesses must catch up with the employee cloud revolution or risk potentially catastrophic data loss.”

The full press release can be found here.

UK-Avast-for-Business-INFOGRAPHIC

What’s Keeping Higher Education CIOs up at Night?

whats-keeping-higher-education-cios-up-at-night-1-638

Higher Education CIO survey conducted by Extreme Networks.

Enterprises have more than 2,000 unsafe mobile apps installed on employee devices

Veracode has released analytics from its cloud-based platform showing that, based on the mobile applications it assessed, the average global enterprise has approximately 2,400 unsafe applications installed in its mobile environment.

Based on an analysis of hundreds of thousands of mobile applications installed in actual corporate environments across various industries including financial services, media, manufacturing and telecommunications Veracode found 14,000 unsafe applications of which:

  • 85% expose sensitive device data, including SIM card information such as phone location, call history, phone contacts, SMS message logs, device IDs and carrier information.
  • 37% perform suspicious security actions, such as checking to see if the device is rooted or jailbroken (which allows applications to perform superuser actions such as recording conversations, disabling anti-malware, replacing firmware or viewing cached credentials such as banking passwords); installing or uninstalling applications; recording phone calls; or running other programs.
  • 35% retrieve or share personal information about the user such as browser history and calendars, often sending sensitive information to suspicious overseas locations and allowing attackers to develop a complete profile of users and their social connections.

According to Gartner,

Through 2015, more than 75% of mobile applications will fail basic security tests.”  At the same time, cybercriminals and nation-states are constantly looking to exploit insecure applications in order to steal corporate intellectual property, track high-profile individuals or insert aggressive adware for monetary gain.

This creates a challenge for enterprises that want to increase productivity and employee satisfaction by providing BYOD programs or corporate-owned devices.  Modern MDM and enterprise mobility management (EMM) systems are designed to enforce corporate policies on managed devices, but need an automated and scalable mechanism for maintaining up-to-date information about thousands of unsafe apps that are constantly being added to public app stores around the world.

Existing approaches for addressing unsafe mobile apps, such as manually-curated blacklists, are difficult to scale because of the sheer size and constantly-changing nature of the problem.  As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps for no reason.

Many mobile apps are unsafe because they unknowingly access insecure third-party libraries and frameworks in the software supply chain – while other apps have been specifically designed to perform malicious actions,” said Chris Wysopal, Veracode co-founder, CISO and CTO. “Veracode’s automated cloud-based reputation service and MDM/EMM integrations were purpose-built to address the speed and scale required to effectively secure employee devices in global enterprise environments

5 Cloud Mobility Trends

Mobile Insecurity as an Infographic

IBM Mobile Insecurity

The costs of a cloud data breach revealed.

A summary of the Data Breach: The Cloud Multiplier Effect” survey from Ponemon sponsored by Netskope is below.

The survey reveals how the risk of a data breach in the cloud is multiplying. This can be attributed to the proliferation of mobile and other devices with access to cloud resources and more dependency on cloud services without the support of a strengthened cloud security posture and visibility of end user practices.

Ponemon surveyed 613 IT and IT security practitioners in the United States who are familiar with their company’s usage of cloud services.

  • 51% say on-premise IT is equally or less secure than cloud-based services
  • 66% of respondents say their organization’s use of cloud resources diminishes its ability to protect confidential or sensitive information
  • 64% believe it makes it difficult to secure business-critical applications

A lack of knowledge about the number of computing devices connected to the network and enterprise systems, software applications in the cloud and business critical applications used in the cloud workplace could be creating a cloud multiplier effect. Other uncertainties identified in this research include how much sensitive or confidential information is stored in the cloud.

For the first time, Ponemon attempt to quantify the potential scope of a data breach based on typical use of cloud services in the workplace or what can be described as the cloud multiplier effect. The report describes nine scenarios involving the loss or theft of more than 100,000 customer records and a material breach involving the loss or theft of high value1 IP or business confidential information.

When asked to rate their organizations’ effectiveness in securing data and applications used in the cloud.

  • 51% of respondents say it is low
  • 26% rate the effectiveness as high. Based on their lack of confidence
  • 51% say the likelihood of a data breach increases due to the cloud

Key takeaways from this research include the following:

Cloud security is an oxymoron for many companies.

  • 62% of respondents do not agree or are unsure that cloud services are thoroughly vetted before deployment
  • 69% believe there is a failure to be proactive in assessing information that is too sensitive to be stored in the cloud

Certain activities increase the cost of a breach when customer data is lost or stolen.

An increase in the backup and storage of sensitive and/or confidential customer information in the cloud can cause the most costly breaches. The second most costly occurs when one of the organization’s primary cloud services provider expands operations too quickly and experiences financial difficulties. The least costly is when the use of IaaS or cloud infrastructure services increases.

Certain activities increase the cost of a breach when high value IP and business confidential information is lost or stolen

Bring Your Own Cloud (BYOC) results in the most costly data breaches involving high value IP. The second most costly is the backup and storage of sensitive or confidential information in the cloud increases. The least costly occurs when one of the organization’s primary cloud providers fails an audit failure that concerns the its inability to securely manage identity and authentication processes.

Why is the likelihood of a data breach in the cloud increasing?

Ideally, the right security procedures and technologies need to be in place to ensure sensitive and confidential information is protected when using cloud resources. The majority of companies are circumventing important practices such as vetting the security practices of cloud service providers and conducting audits and assessment of the information stored in the cloud.

The findings also reveal that 55% do not believe that the IT security leader is responsible for ensuring the organization’s safe use of cloud computing resources. In other words, respondents believe their organizations are relying on functions outside security to protect data in the cloud.

  • 62% of respondents do not agree or are unsure that cloud services are thoroughly vetted for security before deployment
  • 63% believe there is a lack of vigilance in conducting audits or assessments of cloud-based services
  • 69% of respondents believe there is a failure to be proactive in assessing information that is too sensitive to be stored in the cloud

There is a lack of confidence in the security practices of cloud providers

Respondents are critical of their cloud providers’ security practices. First, they do not believe they would be notified that the cloud provider lost their data in a timely manner. Second, they do not think the cloud provider has the necessary security technologies in place.

  • 72% of respondents do not agree their cloud service provider would notify them immediately if they had a data breach involving the loss or theft of their intellectual property or business confidential information
  • 71% of respondents fear their cloud service provider would not notify their organization immediately if they had a data breach involving the loss or theft of customer data.
  • 69% of respondents do not agree that their organization’s cloud service use enabling security technologies to protect and secure sensitive and confidential information
  • 64% say these cloud service providers are not in full compliance with privacy and data protection regulations and laws

Lack of visibility of what’s in the cloud puts confidential and sensitive information at risk

The number of computing devices in the typical workplace is making it more difficult than ever to determine the extent of cloud use. According to estimates provided by respondents, an average of 25,180 computing devices such as desktops, laptops, tablets and smartphones are connected to their organization’s networks and/or enterprise systems.

Ponemon asked respondents to estimate the percentage of their organizations’ applications and information that is stored in the cloud. They were also asked to estimate the percentage of these applications and information that are not known, officially recognized or approved by the IT function (a.k.a. shadow IT).

30% of business information is stored in the cloud but of this, respondents estimate 35% is not visible to IT. This suggests that many organizations are at risk because they do not know what sensitive or confidential information such as IP is in the cloud.

What employees do in the cloud?

  • 44% of employees in organizations use cloud-based services or apps in the workplace
  • 53% use their personally owned mobile devices (BYOD) in the workplace
  • 50% of these employees use their own devices to connect to cloud-based services or apps.

Do certain changes in an organization’s use of cloud services affect the likelihood of a data breach?

  • 17% say the use of cloud-based services significantly increases
  • 34% say it increases the likelihood of a data breach. Ponemon define a material data breach as one that involves the loss or theft of more than 100,000 customer records or one that involves the theft of high value IP or business confidential information.

Calculating the economic impact of a data breach in the cloud.

Ponemon calculate what it might cost an organization to deal with a data breach in the cloud involving customer records. These calculations are based on Ponemon Institute’s recent cost of data breach research and the estimated likelihood or probability of a data breach based on cloud use. The calculation involves the following four steps:

  • First, drawing upon Ponemon Institute’s most recent cost of data breach study. Ponemon determine a cost of $201.18 dollars per compromised record.
  • Second, based on a data breach size of 100,000 or more compromised records in the survey and using the unit cost of $201.18 times 100,000 records. Ponemon calculate a total cost of $20,118,000
  • Third, from the survey results Ponemon extrapolate the average likelihood of a data breach involving 100,000 or more questions at approximately 11.8% over a two-year period.
  • Fourth, multiplying the estimated likelihood or probability of a data breach at 11.8% times the total cost of $20,118,000 Ponemon calculate a baseline expected value of $2.37 million as the average of what an organization would have to spend if it had a data breach involving customer records lost or stolen in the cloud.

Ponemon calculate what it might cost an organization to deal with a data breach in the cloud involving high value IP. Once again, these calculations are based on Ponemon Institute’s recent cost of data breach research and the estimated likelihood or probability of a data breach based on cloud use. The calculation involves the following steps:

  • First, drawing upon Ponemon Institute’s IT security benchmark database consisting of 1,281 companies compiled over a 10-year period, Ponemon estimate an expected value of $11,788,000.
  • Second, based upon the estimates provided by respondents Ponemon extrapolate the likelihood of a data breach involving the theft of high value information at 25.4%.
  • Third, multiplying the estimated likelihood or probability of a data breach at 25.4% times the total cost of $11.788 million Ponemon calculate a baseline expected value of $2.99 million as the average economic impact for organizations in our study.

What can cost an organization the most when it has a data breach involving the loss or theft of IP? The most costly scenarios involve the growth in the number of employees using their own cloud apps in the workplace for sharing sensitive or confidential information (a.k.a. BYOC) and an increase in the backup and storage of IP or business confidential information in the cloud.

The average costs to deal with these two types of data breaches are $5.38 million and $4.93 million, respectively.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: