“You can pay me now, or pay me later.”
That refrain, made famous by a US auto parts manufacturer in the 1970s, is the not-so-subtle theme of a recently published white paper from market research group Heavy Reading. The report, Mitigating Security & Compliance Risks with EMM, provides a comprehensive assessment of the financial liabilities facing organizations that fail to adopt secure and comprehensive Enterprise Mobility Management (EMM) solutions.
It may be tempting for enterprises to make EMM decisions based primarily on satisfying employees or reducing device costs. But failing to adequately consider all potential security risks during the early stages of workforce mobilization initiatives, the report warns, could result in a financial day of reckoning later on.
“Enterprise mobility risk mitigation requires careful assessment of risk scenarios, as well as a thorough evaluation of technical enterprise mobility management approaches to reduce incidents that range from minor security breaches to – in the worst and most dramatic cases – catastrophic losses in brand value, revenue, competitive status and productivity,” says the report.
The white paper, which provides a comprehensive accounting of enterprise mobility risks and their potential financial impact, is not for the squeamish. The report’s findings are likely to send CIOs, as well as CEOs and other business leaders, reaching for the antacids.
Among the report’s stomach-churning revelations:
- The average total organization cost of a data breach was $5.4 million in 2013
- Mandated regulatory audits resulting from compliance violations cost on average $500,000
- Businesses of 1,000 employees estimate that a single hour of lost productivity due to a security breach could cost the company between $100,000 and $300,000
- Healthcare organizations have been fined in excess of $1 million for the unlawful disclosure of patient information
As companies work to mitigate these kinds of risks, particularly on employee-owned devices, many struggle to find an adequate balance between securing valuable corporate data and an employee’s right to privacy.
“Bring Your Own Device (BYOD) blurs the line between ownership and control of data between the enterprise and the individual, and it introduces a complex web of legal risks for the enterprise,” notes the report, which recommends containerization technology as a mechanism for privacy protection. “Today, most legal ramifications of BYOD are still at best gray zones because few best practices are in place. Also, laws and regulations vary considerably from country to country, and even state to state, in the U.S.”
The Heavy Reading white paper, sponsored by BlackBerry, documents additional security and compliance vulnerabilities that may be heightened in a BYOD-based mobility management environment. While it acknowledges the prevalence of BYOD adoption and its suitability for some enterprise mobility scenarios, the report concludes that even a well-managed BYOD policy may fall short of protecting some security-conscious organizations from severe legal, financial or reputational penalties.
“Some companies and organizations with stricter security needs may find a Corporate-Owned, Personally Enabled (COPE) strategy to be a more suitable strategy,” says the report. “For organizations with the highest security and compliance demands – such as government agencies, financial services firms, healthcare providers, law firms and others – a Corporate-Owned, Business-Only (COBO) strategy may ultimately turn out to be the best risk-mitigating solution.”
Despite its simplicity, that 40-year-old advertising slogan offers some valuable advice to business leaders embarking on ambitious enterprise mobility initiatives. Organizations that invest in a comprehensive multi-platform EMM solution now (download a recently completed EMM TCO study here) will be better protected from exorbitant legal fees, business-halting regulatory penalties and reputation-killing security breaches later.