Last Day to Save $200 on Top-Notch Cyber Security Training at SANS Houston 2018!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS Announces Results of its 2013 Mobile Security Policy and Management Survey

Organizational Pressure to Adopt BYOD; Controls Lag Behind Use

  • Bethesda, MD
  • December 2, 2013

SANS announces results of its 2013 mobile security policy and management survey in which 576 IT professionals answered questions about the use of employee-owned devices within their organizations (termed bring your own device or BYOD), awareness and concerns over risk, and how they are (or are not) managing this risk. The survey was sponsored by TCG and the SANS Internet Storm Center.

The professionals who took this survey represent the front lines of IT, setting policy for mobile device use, managing deployments of mobile devices and tackling the tough technical challenges associated with meeting the mobile device operational requirements of end users while maintaining the security requirements of the organization.

"Organizations are feeling the pressure of BYOD adoption, with or without policy and security tools to manage the deployments," says survey author Joshua Wright. "Tried and true security mechanisms, such as VPN, represent the primary tools used by organizations to protect mobile data, regardless of the limitations and inflexible nature of those solutions."

From the survey, it is clear that BYOD triggers fear and loathing among respondents but is seen as the wave of the future. When asked about what types of controls are in place for such usage, respondents indicated that 48% rely on user education and awareness, while a disconcerting 23% have not deployed any controls. It is encouraging that respondents overwhelmingly agreed that they are not confident with their existing policies.

"Even though convenient access to email is the number one app for enterprise data access, increased adoption of CRM and ERP mobile apps will inevitably increase the mobile risk surface for enterprise networks," Wright adds.

Results and suggestions for updating application controls and device management and reporting will be released during a webcast on Tuesday, December 10, at 1 PM EST. To register for the complimentary webcast please visit

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by Joshua Wright

The SANS Analyst Program,, is part of the SANS Institute.

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (