Weak or nonexistent policies on mobile devices could invite security breaches, says a new study.
Stephen Taub, CFO.com | US
November 27, 2006
A new study has raised concerns that the proliferation of mobile devices could cause a surge in regulatory compliance violations and security threats. Executives are trusting PDAs and cell phones with important corporate information but aren't safeguarding the devices properly, the study concludes.
Nearly half of the corporate officers who participated in the study said at least 25 percent of their organizations' mobile devices carry mission-critical applications and data, according to trade group Business Performance Management Forum. At the same time, 40 percent of respondents reported their companies lack the measures necessary to manage mobile data tracking, back-up, and archiving for regulatory compliance purposes.
The reasons for not implementing these measures vary. About 30 percent of the respondents said mobile device usage is not widespread; 21 percent said other compliance issues take a higher priority; and 12 percent said budget constraints have prevented them from taking action, according to the report, which gathered more than 680 responses from senior corporate officers who deal with performance management, compliance, and governance.
The report also blamed executives' communication skills for the lack of security. “There is disconnect between IT executives who recognize mobile device compliance and security risks, and C-level executives who see benefits, not risks,” the report warns.
BPM asserted that smaller companies—defined as $100 million in revenue and under—face a greater risk of violations, with just 32.4 percent implementing formal mobile compliance policies. At companies with more than $100 million in revenues, 70.7 percent said they have such systems in place.