Companies should examine multiple issues when evaluating what to do about the growing demand and installed base of tablets. We are seeing a rapidly increasing number of companies that allow user-obtained devices—tablets and smartphones, but usually not laptops—to be brought into the organization. In fact, about 25% to 35% of enterprises currently have a "bring your own device" (BYOD) policy in place, and we expect that to grow to over 50% in the next one to two years.
As a consequence of the tablet invasion, corporate-sensitive data assets are being put under increased security risk. In fact, most tablets (and many smartphones) currently have the processing power and memory storage capability of PCs that were put out just a few years ago. Subsequently, a significant amount of sensitive corporate data—such as business email, customer databases, corporate presentations and business plans—is making its way onto these devices. And this is often taking place without oversight and/or without implementation of the inherent protection levels we have come to expect on PCs, including complex passwords and user authentication, encrypted data files and VPN connectivity.
It is quite common for users to lose their mobile devices. In fact, we know of one corporate executive who went through three iPads in six months and another who had six different iPhones within a one-year period. While these may be extreme examples, imagine the type and amount of sensitive data contained on these devices. With 32 GB to 64 GB of storage now commonplace on these devices, just how much of your sensitive data can be downloaded and lost?
The Ponemon Institute estimates that each exposed personal data record on a lost or stolen mobile device costs a company $258 to remediate. So someone losing 10,000 records will cost a company $2.58 million, not to mention any additional penalties that a regulatory agency might impose due to lack of compliance (regulated industries take note).
Based on the numbers of laptops lost each year (5% to 10%), and the number of smartphones lost each year (15% to 25%), we estimate that most organizations will see tablets go missing—either lost or stolen—at a rate of 10% to 15% each year. For example, a company with 5,000 users will lose 250 to 500 laptops per year, and once tablets are widely deployed, as many as 500 to 750 tablet devices could go missing each year. In the wake of this tablet invasion, it is imperative that companies create a tablet security strategy that protects the most valuable asset—no, not the tablet device, but the data residing on the tablet. While the device may cost several hundred dollars, the data could be worth millions.
What should a company do to accommodate user choice while protecting its data assets and preventing potentially costly and damaging losses? First, it must create a detailed mobile device strategy that addresses the various mobile device types, the individual capabilities and functions of the respective device types, the ability (or inability) to secure the devices, and the user classes that are permitted access to various devices, apps and corporate data.
This becomes the basis for an enterprise's mobile strategy that will maximize the security of corporate assets while minimizing the total cost of ownership (TCO). Indeed, while overlooked by many organizations, the actual cost of the mobile device is only 15% to 25% of the TCO, which can often reach $2,000 to $3,000 per user/per year for many smart devices. Creating a mobile device strategy should be mandatory for all organizations, especially in the wake of the tablet invasion. A mobile device strategy is not just about security, it's also about operational excellence and cost containment.
In part two of this series, read how to create a fluid mobile platform strategy to manage the growing diversity of smart devices including tablets.
About the author: Jack E. Gold is founder and principal analyst at J. Gold Associates. Gold is a leading authority on mobile, wireless and pervasive computing. He advises clients on business analysis, strategic planning, architecture, product evaluation/selection and enterprise application strategies. Before founding J. Gold Associates, Gold was a vice president of Technology Research Services with Meta Group, and also held positions in technical and marketing management at Digital Equipment Corporation and Xerox. He can be reached at firstname.lastname@example.org.
This was first published in June 2011