The following was reprinted in Network World.

The enterprise mobility revolution by the numbers (and the security implications)

By Brian Duckering, Senior Manager, Endpoint Management and Mobility, Symantec, special to Network World 02:50 PM ET05 July, 2012

Ready or not, the mobile revolution is upon us. Some 59% of respondents to a recent Symantec survey said their companies are now making line-of-business applications accessible to mobile devices. Even more impressive, almost three-fourths — 71% — of businesses are looking into implementing a corporate “app store.”

Those were just two of the critical data points from a Symantec survey of 6,275 organizations of all sizes in 43 countries. And while mobility is helping organizations keep pace in today’s 24/7 business world, the advances come with advanced security risks that need to be addressed.

BACKGROUND: Enterprise smartphone and tablet incursion to grow in 2012

First, the survey findings.

The survey confirmed the key drivers behind the revolution. Specifically, it asked about the most important business benefits companies hope to achieve from mobility. The top answers were a desire for increased efficiency, increased workplace effectiveness and reduced time required to accomplish tasks. Taken together, these represent major business agility gains.

However, any IT manager knows that such expectations of implementing a new technology are rarely ever matched by the results. Impressively though, the survey showed that when it comes to mobility, these expectations have largely been met. For example, nearly three-quarters of businesses surveyed expected to increase efficiency through mobile computing, and a full 73% actually realized that gain.

As further evidence that the mobile revolution is in full swing, respondents said 31% of the IT staff at their organizations are involved in some way with managing mobile computing. This significant investment in resources is also an indication of the challenges IT departments are encountering as they try to balance mobility with other critical focus areas. In fact, nearly half of the organizations who responded to the survey — 48% — said they see mobile computing as “somewhat to extremely challenging.”

Furthermore, when the survey asked where mobility ranks in terms of IT risk as compared to other current technology trends, it was cited as one of the top three risk areas by 41% of respondents — more than any other trend or initiative, including public cloud computing, virtualization and Web 2.0. IT departments’ top mobile-related concerns include device loss, data leakage, unauthorized access to corporate resources and malware infection.

These top concerns are validated by another recent study, dubbed the Symantec Smartphone Honey Stick Project, in which 50 smartphones were intentionally “lost” after having been prepared with a slew of simulated personal- and corporate-related data and applications. The devices were then monitored to see what happened. Shockingly, 83% of the devices showed attempts to access corporate-related applications or data. This included attempts on roughly 50% of the devices to access a corporate email client, a remote admin app and files titled “HR Salaries” and “HR Cases.”

It is not surprising, then, to see why 1 in 4 survey respondents said the risks of mobile computing are “somewhat to extremely high.” In response to these perceived risks, the survey also showed that most organizations are at least discussing a range of security measures, from anti-malware software to the ability to remotely lock and wipe devices. However, when it comes to implementing these measures, less than half have taken the necessary steps.

GARTNER: How to get a handle on mobile device management

It is one thing for perceived risks to be on IT’s radar; it is another for those risks to actually be taking a toll on businesses as measured in financial loss. The fact of the matter is — as highlighted by the survey — small and large businesses are indeed seeing damages mount due to mobility-related security issues.

Specifically, within the last 12 months the average cost of losses due to mobile-related risks was a surprising $247,000 by organizations overall. Large enterprises and small businesses are largely experiencing the same kinds of loss, but to a very different degree — small businesses averaged $126,000 of loss, while enterprises averaged $429,000. [Also see: “By the numbers: The impact of data breaches“]

These losses are measured by direct financial expenses, loss of data and damage to brands or loss of customer trust. However, when all is said and done most organizations feel the mobile revolution is well worth the risks and associated costs that come with it. In fact, a full 71% of the survey respondents said they feel they at least break even on the risks verses rewards of mobility.

On that note, there are several best practices that can help organizations of all sizes realize the rewards of the mobile revolution while simultaneously minimizing the risks.

First, companies should seriously and methodically explore how they can take advantage of mobility, and then develop a phased approach to build an ecosystem that supports their plan. To get the most from mobile advances, they should plan for line-of-business mobile applications that have mainstream use. Employees are using mobile devices for business one way or another; companies should make it on their terms.

Next, companies should think strategically. They should build a realistic assessment of the ultimate scale of their mobile business plan and its impact on their infrastructure. They must think beyond email and explore all of the mobile opportunities that can be introduced, and they must also thoroughly understand the risks and threats that need to be mitigated. As they plan, they should focus on a cross-functional approach to securing sensitive data no matter where it might end up.

Finally, organizations must learn to manage mobility with efficiency. IT departments must accept that mobile devices are legitimate corporate endpoints that require the same attention given to traditional computing platforms.

Many of the processes, policies, education and technologies leveraged for desktops and laptops are also applicable to mobile platforms, so management of mobile devices should be integrated into the overall IT management framework and administered in the same way — ideally, using compatible solutions and unified policies. This creates operational efficiencies and lowers the total cost of ownership.

In summary, the 2012 State of Mobility Survey showed that companies are embracing the mobile revolution with an eye toward improving corporate agility. However, for all the benefits of the revolution, companies are also feeling its impact in terms of both resource consumption and risks. Despite this, most organizations believe the benefits outweigh the risks.

The reality of this balance, however, is dependent on companies thinking strategically, enforcing appropriate policies and managing and securing devices and data efficiently and comprehensively.