Introduction
This free report produced in partnership with Google, discusses the growing importance of mobility in the changing workplace. discusses how employee productivity and business security needs are driving approaches and plans around enterprise mobility.
Key messages:
- Businesses have increased the importance of enterprise mobility initiatives since the COVID-19 pandemic saw the sudden shift to more remote and mobile workstyles.
- In addition to changing the way people work, mobility is also reshaping the threat landscape as the mobile workforce becomes a prime target for bad actors.
- Mobile security must not be viewed as an afterthought – but must be considered as an important element of broader enterprise security approaches, that consider people, process, and technology.
- Malware on devices, phishing attacks, and a lack of employee education and awareness around threats are the biggest mobile security challenges that are having a significant business impact that organizations are facing.
- Interest in advanced mobile security capabilities such as zero-trust is growing as businesses look to secure changing workstyles.
- Beyond mobile management and security, helping employees work more productively across mobile technologies is an important objective for businesses.
Download Securing the mobile workforce state of the union - 1.06mb | pdf
Summary
Catalyst
This white paper discusses the growing importance of mobility in the changing workplace. Specifically, it looks at how employee productivity and business security needs are driving approaches and plans around enterprise mobility.
Omdia view
Mobility continues to impact enterprises in many positive ways by providing employees with intuitive and speedy access to enterprise data and resources, and supporting more flexible work styles. For some businesses, mobility is complementary to the way they have traditionally operated, providing a new means by which employees can communicate and work across a variety of different endpoints. For other organizations, mobility has been more transformative and fundamental to how they operate. For these mobile-first businesses, mobile workflows, devices, and applications are the core means by which work is undertaken.
Mobility has not only transformed the way people work, but also the threat landscape that businesses now face. A flexible and mobile workforce, equipped with mobile devices and applications, is reliant on working with data that is often in the cloud and away from the traditional enterprise perimeter. In an environment where new risks emerge daily, a key mobility challenge for businesses is how to mitigate these risks by keeping enterprise data and assets secure, but in a fashion that does not negatively impact the employee experience. Many different solutions and services have emerged over recent years to help enterprises with this challenge. It is important, however, that businesses realize that technology alone will not act as a security silver bullet – people and processes will also be vital in helping businesses overcome mobile security complexities.
Mobile security should be considered and managed as part of a broader business approach and strategy around cybersecurity. This business-wide view is important as approaches to security and the solutions that underpin these approaches should not be adopted in a siloed fashion. A more unified, collective, and open platform approach to security will be important in helping businesses overcome many of the challenges currently experienced. 57% of respondents to a recent Omdia survey identified managing security, identity, and privacy as a top-three IT priority for them; however, only 11% describe their progress toward achieving a proactive approach to cybersecurity and digital risk as complete (see Omdia’s ICT Enterprise Insights 2019/20 – Global: ICT Drivers and Technology Priorities). Mobility should be viewed as a key element of any business cybersecurity strategy as it is an issue that impacts most, if not all, business functions, and therefore everyone has a role to play in managing it.
Securing and enabling a more mobile workforce has been a digital initiative of importance for some time now, but businesses are now attaching greater importance to this capability in response to the recent surge in remote and mobile working brought about by the COVID-19 pandemic. As mobility is brought further to the forefront of the digital agenda by most businesses, interest around technologies that can help businesses secure and manage the mobile workforce is increasing. To support this white paper, Google commissioned Omdia to develop a global survey on mobile security that delivered insights on the mobile security trends and challenges being experienced by businesses of different sizes, sectors, and across multiple geographies. Among those surveyed were IT directors, IT infrastructure heads, line-of-business managers, information security managers, IT and data security risk managers, and CIOs. All respondents were responsible for the management of mobile security in their respective businesses.
Key messages
Enterprise mobility is viewed as an important business-wide digital initiative
Mobile and remote work styles are becoming more common
Mobility continues to be a highly important digital initiative to businesses of all sizes across all industries. This is especially true in light of recent world events, which have resulted in more employees embracing remote and mobile working – work styles that many will be looking to make permanent in a post-pandemic world. When looking at the drivers that are influencing how businesses approach workplace mobility, there is no single dominant element; organizations recognize and are keen to deliver against a broad set of ideals that mobility can offer. As shown in Figure 1, businesses identify improving employee productivity and data security as business drivers that are influencing approaches to workplace mobility.
Fig.1 - Business drivers influencing workplace mobility
Other drivers identified as important include the improvement of collaboration and teamwork among employees, reducing overall costs, and supporting employee demand for a better work/life balance. Priorities do change slightly across industries; for example, and unsurprisingly, businesses in highly regulated industries are more security conscious and identify improving the security of business data and information as being the most important priority, with employee productivity a close second. However, there is no dominant objective when it comes to enterprise mobility – businesses are closely prioritizing a diverse set of business goals and have different challenges to overcome.
The digital needs of frontline workers are coming to the fore
The opportunities and challenges associated with enterprise mobility will expand going forward as a new wave of frontline workers become increasingly enabled with mobile technologies. Frontline workers are those at the forefront of the organization, very close to those consuming the services and/or products that the enterprise delivers. They often have close and direct interactions with customers and the general public, and as such are important representatives of a business and its brand. Frontline workers also make up a large population of the total workforce (see Figure 2).
Fig.2 Frontline workers make up a large population of the total workforce
Source: Omdia Enterprise Mobile Security Survey 2020
Traditionally, and especially relating to mobility, frontline workers have been largely underserved by new technology and services as digital transformation efforts have focused on back-office knowledge and information workers. However, this is beginning to change as businesses look to empower employees to deliver better customer experiences – an important business driver that is influencing approaches around workplace mobility. Enterprises need to consider the entire workforce when investing in new mobility technologies.
Businesses must not underestimate the importance of mobility management and security
As more employees embrace mobile work styles, businesses must adopt a strategy and approach that ensures they have visibility of how mobility is having an impact on the way people work, and how things could be improved in benefiting security and employee experiences. Failing to proactively manage mobility in this fashion will put sensitive data at risk and negatively impact the employee experience across mobile. While a large proportion (67%) of global organizations advise that they do have a formal enterprise mobility strategy in place, one-third still do not. Despite the importance of mobile devices to modern work, the reality is that widespread management of these devices is not something all businesses are achieving. As Figure 3 shows, only 12% of businesses advise that the majority of devices in use within their organizations for business purposes (90%+) are currently being formally managed by an enterprise mobility management solution.
Fig. 3 Mobile device management trends
Source: Omdia Enterprise Mobile Security Survey 2020
Security continues to be a key enterprise mobility priority
Mobile work styles are presenting businesses with new security challenges
As work is being carried out more and more across mobile, the devices, systems, and apps that employees are using have become an important target for bad actors. Over the past 12 months, a third (34%) of the organizations surveyed as part of this research advised that they had experienced a significant mobile-related security incident, as shown in Figure 4.
Fig. 4 Mobile-related security threats are common
Source: Omdia Enterprise Mobile Security Survey 2020
Protecting against an ever-changing landscape of mobile security threats can be complex and challenging, but it is vitally important as work continues to become more mobile. Even those businesses in highly regulated industries are taking a significant amount of time to discover mobile security compromises, with 60% advising that it took them between one and four weeks to realize they had experienced a mobile attack, as shown in Figure 5.
Fig. 5 It is taking businesses a long time to discover mobile security compromises
Source: Omdia Enterprise Mobile Security Survey 2020
There isn’t much variance in the time it takes to respond based on organization size either – whether it is a large multinational enterprise or a midsized organization, businesses of all sizes are taking a considerable amount of time to recognize mobile-related security incidents.
Mobile security challenges extend beyond just the technology
A lack of education around threats is one of the top mobile security challenges businesses face – this is a particularly important issue for larger organizations (10,000+ employees), with more than half identifying employee education as a key issue. Managing identity associated with cloud and enterprise services on mobile, and a lack of knowledge around the technologies that should be adopted in securing the mobile workforce are other significant challenges identified by businesses, as shown in Figure 6.
Fig. 6 Employee education around security is a key challenge
Source: Omdia Enterprise Mobile Security Survey 2020
It is interesting that two of the top three challenges are associated more with education than technology. This highlights the importance of viewing security as more than just a technology. It is vital that businesses ensure people, processes, and technology are considered in equal measure as part of any mobile security initiative. In particular, people are a crucial component of security controls and require support in developing security-positive behavior in mobile working.
The majority of businesses currently embrace a corporate-owned device-provisioning model
When it comes to provisioning mobile devices for use in the workplace, most businesses currently embrace a corporate-owned device management approach – one where the mobile devices that employees use are chosen by the company and offered for business use only. Support for a mixed or employee-owned approach, particularly for tablets and smartphones, is also quite strong, as shown in Figure 7.
Fig. 7 Business approaches to managing mobile devices Source: Omdia Enterprise Mobile Security Survey 2020
As more employees have been required to work from home in response to the pandemic, Omdia is observing a rise in “bring your own device” (BYOD) activity. As people increasingly rely on their personal devices to access work data and resources, it is vital that businesses have solutions and measures in place to secure this behavior.
Organizations currently rely on a varied set of tools to secure mobile workers
Businesses currently identify cloud access security brokers (CASBs) and identity and access management (IAM) solutions as those commonly used to secure mobile workers, as shown in Figure 8.
Fig. 8 The solutions businesses are relying on to secure mobile workers
Source: Omdia Enterprise Mobile Security Survey 2020
CASB solutions help strengthen security and improve visibility into how cloud services are being used by employees. As businesses and mobile workers increasingly rely on cloud-based applications and services, the strong interest and adoption of CASB solutions to secure this usage is unsurprising. Almost half of the respondents are also using an IAM solution, which again makes sense as the workforce goes more mobile and works across different device types. While mobile working has been around for years, the mass move to remote working brought about by the pandemic will increase the priority businesses attach to mobile security going forward. As Figure 9 shows, for many employees, the shift to remote working will be a permanent change. In response, we expect interest and adoption of mobile security solutions to further intensify over the next 12–18 months.
Fig.9 Business plans for remote work post-COVID-19 pandemic
Source: Omdia Future of Work Survey 2020
As with any enterprise security tool, it is important that businesses deliver mobile security solutions that do not negatively impact employee productivity or performance. Business should create an ecosystem of security solutions that are integrated and help improve visibility, control, and automation across the different devices, networks, and applications that employees now use.
As this report has already explored, the time it takes many businesses to identify mobile-related security attacks is quite slow. For these businesses, utilizing some of the more advanced and mobile focused security capabilities offered by unified endpoint management (UEM) and mobile threat defense (MTD) solutions would be advantageous in strengthening security. Understanding the devices and mobile operating systems in use within a business is also important in ensuring the right investments are made around tools, employee support approaches and practices, and education. Our survey data also shows Android as being the mobile OS of choice for most businesses at present, with the OS having a strong presence in organizations across all industries, as shown in Figure 10.
Fig. 10 Mobile devices used by businesses
Source: Omdia Enterprise Mobile Security Survey 2020
Strengthening security will continue to be a key driver of investment in mobility
Mobile security will continue to be a major focus of IT investment for businesses going forward, acting as a key driver of interest in enterprise mobility solutions. 32% of businesses advise that 11– 20% of their total IT budget will be allocated to mobile-focused security and management over the next 12–18 months – a big number considering the broad mandate of different opportunities and challenges modern IT departments must prioritize, as shown in Figure 11.
Fig.11 Allocation of IT budget for the next 12–18 months
Source: Omdia Enterprise Mobile Security Survey 2020 Businesses are relying on a mix of different mobile security tools and approaches
As shown in Figure 12, businesses currently rely on a variety of different features to secure their mobile ecosystems, with phishing detection and protection, biometrics, and malware protection being viewed as the most important by those we surveyed as part of this research.
Fig. 12 The security features businesses view as being important
Source: Omdia Enterprise Mobile Security Survey 2020
Mobile malware protection and detection and phishing protection and detection are mobile security capabilities that are well adopted at present. The main method of protecting enterprise data on mobile devices is currently app-based threat detection, but multiple methods are being employed by businesses (see Figure 13).
Fig. 13 Businesses intend to use a broad mix of mobile security features
Source: Omdia Enterprise Mobile Security Survey 2020
Business interest in advanced mobile security capabilities is growing
Business interest is increasing in more advanced security approaches
Interest and investment plans around more advanced mobile security capabilities is also growing. Those organizations that invest and plan diligently around advanced mobile security capabilities will be better equipped and capable of maturing their enterprise mobility approaches, realizing more business value in the process. Specifically, and as Figure 13 shows, many organizations are planning to use zero-trust security capabilities, unified endpoint management, zero-touch device enrolment, and man-in-the-middle detection and protection within the next two years. Zero-trust refers to a way of implementing enterprise security whereby access is granted to corporate assets on an individual basis. In other words, there is no longer the notion of “access all areas” once a user has been authenticated, even for those so-called “privileged” users, such as system administrators (sysadmins) whose role in an organization requires them to be able to access everything, which they once would have done as a matter of course. Instead, the user gains access only to the application they require at that moment, with further applications requiring another round of authentication (there is also the option to enable access to a small group of applications at one time, if they are all required to complete a specific task). The session initiated by the user once access has been granted is usually also monitored for additional security (the zero-trust mantra being: “never trust, always verify”).
Zero-trust approaches strengthen security beyond the perimeter of the office
Interest in a zero-trust security approach is growing as employees increasingly work with new cloud deployed applications and in a more mobile fashion, away from the office – work styles that will become more common in response to the COVID-19 pandemic. It is important that security approaches change in order to secure work beyond the traditional office perimeter, and this is the value that zero-trust delivers. Unlike more traditional security approaches, a zero-trust method does not rely on providing blanket access to work resources. Instead, approaches to providing access are more adaptive and granted based on different conditions and signals, such as device posture, geolocation, user identity, and network. Our survey data shows that approaches around conditional access are progressing well. While role-based access control is the most popular at present, businesses are using multiple methods of access control, as shown in Figure 14.
Fig. 14 Businesses are using different types of access control Source: Omdia Enterprise Mobile Security Survey 2020
The plans businesses have around new and more advanced workplace mobility capabilities, such as zero-trust security and UEM, demonstrates an intent to further accelerate and mature workplace mobility initiatives – something that is very important considering how work styles have changed over recent months. These types of investments have the potential to help businesses to improve security posture and employee productivity, as well as help in realizing long-term cost savings and streamlining and automating mobile management activities.
Data privacy and improving employee productivity are priorities for businesses when it comes to mobility
Data privacy is a key concern for businesses of all sizes
Regardless of which device ownership model is favoured, whether it is BYO or corporate owned, those leading on mobile security initiatives have strong views on the need for personal data privacy, as shown in Figure 15.
Fig. 15 Businesses value personal data privacy Source: Omdia Enterprise Mobile Security Survey 2020
There are mobile capabilities and solutions that can help deliver the level of data privacy businesses demand by separating work data from personal data on devices. Android, for example, offers a work profile that enables employees to conduct work on their personal devices without sharing their personal information and data. Between the work and personal profiles, every app is separate – emails, calendars, docs, and photos. The two profiles (personal and work) never share any data and IT teams are restricted from being able to access anything under the personal profile on a device. This type of feature is not just restricted to personal devices either – for example, Android 11 brings the privacy protections of the work profile to company-owned devices. This type of mobile OS-level data privacy capability can help improve user experiences by giving them more freedom over device choice and reducing the need to carry multiple devices. It is also valuable from a business perspective, as these user experience enhancements do not need to come at a cost of compromising security. In many parts of the world personally identifiable information (PII) is subject to data privacy laws, irrespective of the device on which it resides. It is important that businesses understand that even if an organization owns the device, access to personal information is not in line with some laws. GDPR, for example, is a change that will have contributed to this focus on data privacy as it has had a huge impact on how businesses approach security around personal data. Improving the customer experience is viewed by organizations as an important business driver influencing workplace mobility approaches. As employees increasingly use mobile devices to work with customer data, it is important to consider the challenges that could arise in protecting PII – specifically, maintaining the privacy of the employee’s data, but to also leverage capabilities that ensure customer data cannot be exfiltrated on an employee device. Businesses should manage the risks appropriately and work with compliance functions to determine what data needs to remain private on devices.
Mobile productivity is an important focus
Historically, enterprise mobility initiatives have been focused predominantly on device management, largely in service of IT departments that wanted to have better visibility into the devices being used in a business. However, businesses increasingly want to approach workplace mobility in a more strategic fashion that involves making work more mobile-centric. In achieving this, organizations must look to complement a core of well-established endpoint management and security activities with capabilities that can help a mobile workforce work better. Businesses are reporting an encouragingly high proportion of work tasks that are being undertaken using mobile devices, as shown in Figure 16.
Fig. 16 Employee tasks and workflows are moving to mobile
Source: Omdia Enterprise Mobile Security Survey 2020
As mobile technologies advance, and as businesses become more mobile-centric, an increased and more sophisticated set of employee tasks will be undertaken across mobile devices. The businesses that will get the most value from enterprise mobility going forward will be those that continuously consider more than just management and security functionality and work toward transforming the way people work through mobility.
Get in touch
Omdia consulting
Omdia is a market-leading data, research, and consulting business focused on helping digital service providers, technology companies, and enterprise decision-makers thrive in the connected digital economy. Through our global base of analysts, we offer expert analysis and strategic insight across the IT, telecoms, and media industries.
We create business advantage for our customers by providing actionable insight to support business planning, product development, and go-tomarket initiatives.
Our unique combination of authoritative data, market analysis, and vertical industry expertise is designed to empower decision-making, helping our clients profit from new technologies and capitalize on evolving business models.
Omdia is part of Informa Tech, a B2B information services business serving the technology, media, and telecoms sector. The Informa group is listed on the London Stock Exchange.
We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Omdia’s consulting team may be able to help your company identify future trends and opportunities.