Join us for the FREE Cyber Defense Forum | Live Online on October 9


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS Announces Results of its 2013 Mobile Security Policy and Management Survey

Organizational Pressure to Adopt BYOD; Controls Lag Behind Use

  • Bethesda, MD
  • December 2, 2013

SANS announces results of its 2013 mobile security policy and management survey in which 576 IT professionals answered questions about the use of employee-owned devices within their organizations (termed bring your own device or BYOD), awareness and concerns over risk, and how they are (or are not) managing this risk. The survey was sponsored by TCG and the SANS Internet Storm Center.

The professionals who took this survey represent the front lines of IT, setting policy for mobile device use, managing deployments of mobile devices and tackling the tough technical challenges associated with meeting the mobile device operational requirements of end users while maintaining the security requirements of the organization.

"Organizations are feeling the pressure of BYOD adoption, with or without policy and security tools to manage the deployments," says survey author Joshua Wright. "Tried and true security mechanisms, such as VPN, represent the primary tools used by organizations to protect mobile data, regardless of the limitations and inflexible nature of those solutions."

From the survey, it is clear that BYOD triggers fear and loathing among respondents but is seen as the wave of the future. When asked about what types of controls are in place for such usage, respondents indicated that 48% rely on user education and awareness, while a disconcerting 23% have not deployed any controls. It is encouraging that respondents overwhelmingly agreed that they are not confident with their existing policies.

"Even though convenient access to email is the number one app for enterprise data access, increased adoption of CRM and ERP mobile apps will inevitably increase the mobile risk surface for enterprise networks," Wright adds.

Results and suggestions for updating application controls and device management and reporting will be released during a webcast on Tuesday, December 10, at 1 PM EST. To register for the complimentary webcast please visit

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by Joshua Wright

The SANS Analyst Program,, is part of the SANS Institute.

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (