Results from the LinkedIn “Information Security” Group’s 2013 BYOD/Mobile Security Survey, Part 1: The State of BYOD

A few weeks back, Holger Schulze put out the call on his Information Security group on LinkedIn for respondents to a survey on BYOD and mobile security practices. Of the group’s approximately 160,000 members, 1,650 took the survey. He’s since tallied the results and published them online:

In this article, we’ll look at those results that describe the state of BYOD at the organizations represented by the respondents.

BYOD Adoption in Organizations: Still a Long Way to Go

byod adoption stage

60% of the organizations represented in the survey have not yet adopted BYOD, but are considering it. 24% are working on the policies and practices to implement a program, and about 10% of the people who haven’t yet adopted BYOD haven’t do so because they’re forbidding it outright.

byod readiness

It’s always a tricky thing to ask people to quantify a “gut feeling” with questions like “How would you rate your readiness for full enterprise BYOD adoption, in percent, where 100% is completely ready?” What’s the difference between 20% ready and 30% ready? Or 70% ready and 80% ready? Still, the fact that most of the organizations represented in the survey say that they’re less than 50% ready to adopt BYOD says that there’s a lot of uncertainty about their ability to set up a BYOD program.

In the meantime, here’s what the organizations are doing right now:


Note that in the chart above, both “Privately-owned devices are in very limited use” and “Privately-owned devices are widely in use, but not supported by the organization” are the 3rd and 4th most popular categories, each accounting for more than 20% of the respondents. That’s a good chunk of people who are accessing corporate resources with any policies or technologies to manage them; in some cases, IT would probably be completely unaware of how widespread the practice would be. We like to call this practice SYOD — “Smuggle Your Own Device”; others like to simply put it under the larger blanket term “Shadow IT”; either way, it has the potential to cause you great trouble.

Simply put: most organizations still have a long way to go before they’re truly ready to support employees bringing their own devices for work.