SANS survey finds inordinate amount of devices remain unsecure
May 11, 2015
Print this page
A new survey from the SANS Institute, Securing Portable Data and Applications on Enterprise Mobile Workspaces, has found that, 84% of mobile workers are using organization-supplied laptop and desktop computers, many of which are not provided with managed security, as their primary access to work.
The usage pattern is important because many organizations appear to be underestimating the security risks posed by unmanaged laptops and desktops used by mobile workers to access enterprise applications and data, it said.
Based on survey data, mobile workers use laptops and desktops for a lot of their work. But securing that environment for mobile workers is a challenge. USB devices and Windows To Go features are two options for providing such an environment.
“Even with many employees doing their work on unsecured or unmanaged laptops or desktops, many companies limit the use of USB devices, which could help provide data protection,” says SANS Analyst Jacob Williams. “But fewer than half of those have technical controls to help enforce the policies. And, most don’t encrypt the USBs, which opens a sizable potential data breach vector.”
In fact, only 7% of organizations with 500–10,000 employees and just 13% with more than 10,000 employees encrypt their USB devices. “No technical controls means disaster when we note the very low rates of removable device encryption,” says Williams. “This is especially true because respondents also identified lost removable devices as a security concern—one that is largely mitigated when technical controls enforce the use of only encrypted removable media.”
Windows To Go features offer a safer means of replicating the laptop/desktop environment while enabling mobility. Although only 56% of respondents are familiar with the features, they represent another avenue available to secure the work environment of the mobile workforce.
The SANS Institute was established in 1989 as a cooperative research and education organization.