Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

NEW SANS Survey Finds That Many Corporate and Employee Computing Devices Remain Unsecured

Laptops/Desktops Still Most Used Mobile Devices; Lack of Management a Concern; Encrypted USB Devices and Windows To Go Offer Secure Options

  • Bethesda, MD
  • May 11, 2015

A new SANS survey, Securing Portable Data and Applications on Enterprise Mobile Workspaces, has found that, 84% of mobile workers are using organization-supplied laptop and desktop computers, many of which are not provided with managed security, as their primary access to work.

The usage pattern is important because many organizations appear to be underestimating the security risks posed by unmanaged laptops and desktops used by mobile workers to access enterprise applications and data.

Based on survey data, mobile workers use laptops and desktops for a lot of their work. But securing that environment for mobile workers is a challenge. USB devices and Windows To Go features are two options for providing such an environment.

"Even with many employees doing their work on unsecured or unmanaged laptops or desktops, many companies limit the use of USB devices, which could help provide data protection," says SANS Analyst Jacob Williams. "But fewer than half of those have technical controls to help enforce the policies. And, most don't encrypt the USBs, which opens a sizable potential data breach vector."

In fact, only 7% of organizations with 500-10,000 employees and just 13% with more than 10,000 employees encrypt their USB devices. "No technical controls means disaster when we note the very low rates of removable device encryption," says Williams. "This is especially true because respondents also identified lost removable devices as a security concern--one that is largely mitigated when technical controls enforce the use of only encrypted removable media."

Windows To Go features offer a safer means of replicating the laptop/desktop environment while enabling mobility. Although only 56% of respondents are familiar with the features, they represent another avenue available to secure the work environment of the mobile workforce.

Full results will be shared during a May 21, 2015 webcast at 1 PM EDT, sponsored by IronKey by Imation, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by technology author Jaikumar Vijayan and SANS Analyst and information security expert, Jacob Williams.


Got portable data (USB) security concerns? Find solutions in free webcast on 5/21 with @IronKeySecurity.

BYOD is about more than phones and tablets. Learn more on May 21 at 1 pm EDT. #infosec #MobileSecurity

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (