1 Workplace Technology Prepared for © Harris Interactive April 2013.

1

Workplace TechnologyPrepared for

© Harris Interactive

April 2013


Table of Contents

Methodology 3

Questionnaire Design Flow 4

Executive Summary 6

Detailed Findings 9

Appendix 44


Methodology

• The research was conducted via self-administered online surveys within the United States by Harris Interactive between February 20 - 28, 2013. Two audiences were targeted:

– Information Technology Decision Makers (“ITDMs”): n=250– Full-time employed mobile device (smartphone and/or tablet) users (“USERs”): n=1,001

• Among ITDMs figures for business size (in number of employees) were weighted to bring them into line with the population of business sizes across the US.

• Among USERs, figures for education, age by gender, race/ethnicity, region, and household income were weighted where necessary to bring them into line with the population of US residents who own a cell phone or smart phone. For the online sample, our weighting algorithm also included a propensity score which allows us to adjust for propensity to be online. For the phone sample, our weighting also included variables to account for the probability of selection.

• All sample surveys and polls, whether or not they use probability sampling, are subject to multiple sources of error which are most often not possible to quantify or estimate, including sampling error, coverage error, error associated with non-response, error associated with question wording and response options, and post-survey weighting and adjustments. Therefore, Harris Interactive avoids the words "margin of error" as they are misleading. All that can be calculated are different possible sampling errors with different probabilities for pure, unweighted, random samples with 100% response rates. These are only theoretical because no published polls come close to this ideal.

© Harris Interactive 3

USERs: Questionnaire Design Flow

Responsibility of mobile device security and data recovery

Benefits of BYOD Security and recovery

responsibility Risks of BYOD

Responsibility of mobile device security and data recovery



Formal company policy Reimbursement policy Device security on and

off BYOD Steps taken to protect

device, self and employer

Formal company policy Reimbursement policy Device security on and

off BYOD Steps taken to protect

device, self and employer

Familiarity and definition of BYOD

Frequency of access of work-related information and applications via mobile devices

Types of information and applications accessed


Frequency of access of work-related information and applications via mobile devices


Questions to screen for full time employed respondents who own and use smartphones or tablets.

Questions to screen for full time employed respondents who own and use smartphones or tablets.

Screener BYOD Familiarity & Usage Company Policies & Security

BYOD Attitudes

4

ITDMs: Questionnaire Design Flow


Proportion and awareness of employees engaging in BYOD

Awareness of employees engaging in



Proportion and awareness of employees engaging in BYOD

Awareness of employees engaging in


Questions to screen for employees with oversight or decision-making authority in IT/Technology systems

Questions to screen for employees with oversight or decision-making authority in IT/Technology systems

Formal company policy BYOD policy details

Recency of policy implementation

Mobile device mgmt Reimbursement Protocol upon

employee severance Employees’ device security Steps taken to protect

employees’ devices Importance of security

measures Cybersecurity

communication with employees

Responsibility of mobile device security



Screener BYOD Familiarity & Usage Company Policies & Security

BYOD Attitudes

5

Executive Summary and Key Observations

• Familiarity with BYOD is low among users and lower than expected with ITDMs perhaps due to the newness of the phenomenon.

• It is important for companies to implement BYOD policies and ensure their employees’ awareness because more users are engaging in BYOD than ITDMs may be aware of.

• Users may also be unaware of their employer’s BYOD policy as evidenced by the disconnect between reported incidence of policies among ITDMs and the user’s unawareness.

• Users and ITDMs alike may not be doing enough to protect devices that are accessing company information, as well as the information itself. Users and ITMDs both focus on password/PINs as the main security measure, often ignoring more advanced security.



• With users accepting responsibility for protection and information recovery, it should not be an uphill battle for ITDMs to emphasize the importance of taking proper security measures with their devices.

• Benefits of BYOD are readily recognized by users and ITDMs.– Users and ITDMs see BYOD as providing convenience, flexibility, and a virtual

connection to work for employees. BYOD can also help attract employees as users tend to favor employers with a BYOD permitting policy.

• Overall, ITDMs and users are favorable toward BYOD, but have some reservations.– Most users agree that BYOD is the wave of the future and most ITDMs agree the

benefits outweigh the risks. But the low intensity of support may indicate cautious optimism. • Concerns around data protection and employee compliance could be contributing to these

less intense feelings.



• Small businesses see opportunity in BYOD but may also be more vulnerable.– Despite similar incidence of BYOD usage across company size, smaller companies

(500 or fewer employees) are less likely to take action to protect employees’ mobile devices and are less likely to communicate the importance of protective action to their employees.

– Smaller companies show those same tendencies in their attitudes as well, assigning low concern to the risks of BYOD.

– Companies with 500 or fewer employees are also more likely than larger companies to say the benefits of BYOD outweigh its risks. • The higher vigilance among larger companies may be related to the increased risk due to the

volume of employees engaging in BYOD. ITDMs in smaller companies are also more likely to be the owners/executives and thus less familiar with the complexities of implementing BYOD practices.


Awareness and knowledge of BYOD (Employees bringing their personal mobile devices smartphones and tablets to work to access work-related information and applications.)


Among users, familiarity with the term BYOD is low.


Base: All USERs (n=1,001)Q700 How familiar are you with the term “bring your own device” or BYOD?

Base: Very/Somewhat Familiar (n=259)Q705 Based on what you know, how would you define what BYOD is?

10

Based on what you know, how would you define what BYOD is? (Among Very/Somewhat familiar)

As expected, familiarity with the term BYOD is higher among ITDMs.


Base: All ITDMs (n=250)Q700 How familiar are you with the term “bring your own device” or BYOD?

Base: Very/Somewhat Familiar (n=134)Q705 Based on what you know, how would you define what BYOD is?

11

Based on what you know, how would you define what BYOD is? (Among Very/Somewhat familiar)

• The term is mainly associated with bringing mobile devices to work to access work related information.

Over half of Users reported some amount of BYOD behavior during the year.


Base: All USERs (n=1,001)Q800 How often, if at all do you use your personally owned mobile devices to access work-related information or applications?

12

57% BYOD on either mobile device during the year

• Over 4 in 10 use either a smartphone or tablet weekly to access work-related information or applications.

Majority of ITDMs (60%) think 25% or less of their employees access company info on their personal devices on a regular basis.


Base: All ITDMs (n=250)Q800 Approximately what percentage of your employees do you think access company information or applications with their personal devices on a regular basis (at least weekly)?

13

However nearly 4 in 10 acknowledge that they may be unaware of some employees that access company information.


Base: All ITDMs (n=250)Q801 Are you fully aware of all employees who access company information or applications?

Base: Unaware of all employees engaging in BYOD (n=90)Q802 Why do you think some employees access company information or applications without your knowledge?

14

-ITDM lack of knowledge-“Convenience”-ITDM lack of knowledge-“Convenience”

Smartphones are noted as the mobile device of choice for BYOD andemail is the application most accessed.


Base: BYOD ITDMs(n=197)Q803 What types of mobile devices do employees typically use to access company information or applications? Please select all that apply.

Base: BYOD (USERs: n=551; ITDMs: n=197)Q810 What types of company information or applications do you/they typically access? Please select all that apply.

15

What types of company information or applications do you/they typically access?

Company information or applications

Users ITDMs

Email 89% 92%

Calendaring and Scheduling 57% 75%

Databases 28% 32%

Company Applications 28% 39%

Directories 25% 31%

Financial information 19% 16%

File servers 19% 33%

Other 6% 4%

Smartphone83%

Tablet66%

Other14%

What types of mobile devices do employees use to access company info?

ITDMS

Presence of BYOD Policy


Half of users say their company doesn’t have a BYOD policy whereas more ITDMs claim they have a policy.


Base: All Respondents (USERs: n=1,001; ITDMs: n=250)Q900 Does your company have a formal BYOD policy?

Base: ITDMs with formal policy (n=146)Q902 When did your company put your BYOD policy in place?

17

Yes, we allow employees to use their personal mobile devices to access work information or applications

Yes, we officially do not allow employees to use their personal

mobile devices to access work information or applications

No

ITDMSPresence of formal BYOD policy

Even in the presence of BYOD policies, employees are expected to pay for the device and data plan themselves.


Base: BYOD (USERs: n=551; ITDMs: n=197)USERs: Q905 Thinking about the mobile device you use to access work information or applications, does your company pay for your mobile device in some way?ITMDs: Q905 Thinking about those employees who bring their own device, does your company pay for the personal mobile devices or data plans in some way?

18

Yes, my company pays for the device

Yes, my company pays for the data plan

Yes, we share the costs of the device

Yes, we share the costs of the data plan

No, the employee pays for the device and data plan themselves

Device Reimbursement

Six in ten of users who said their company has a formal BYOD policysaid they provide IT support.


Base: USERs and Employer formally allows BYOD (n=206)Q907 Does your company provide IT support for its BYOD policy?

19

ITDM BYOD policies cover a variety of items.


Base: VariableQ903 Are you applying mobile device management as part of your company’s BYOD policy? Base: ITDMs and formally allows BYOD (n=116)Q907 What does your BYOD policy cover? Please select all that apply. Base: ITDMs and formally allows BYOD (n=116)Q909 When an employee leaves the company, what policies and procedures do you have in place? Please select all that apply. Base: BYOD ITDMs (n=197)Q947 Does your IT department require employees to sign some form of a data security notice? All ITDMs (n=250)

20

When an employee leaves the company, what policies and procedures do you have in place?

Protections for employees related to privacy and loss of personal information

Back-up and restore for personal data if an employee loses or inadvertently wipes their mobile device

Back-up and restore for personal data if their mobile device is hacked

Other

What does your BYOD policy cover?

Deactivate network certificate

Remote wipe

Remote lock

Other

None

Does your IT department require

employees to sign some form of a data security

notice?YES 52% NO 48%

• Including mobile device management, protection related to privacy and loss, deactivation of network certificates when an employee leaves, and signing of a data security notice.

Security of Devices and Steps Taken


Both users and ITDMs believe employee personal devices are secure.


Base: All USERs with device (Smartphone: n=846; Tablet: n=534)Q910 How secure do you feel your personal smartphone is?Q912 How secure do you feel your personal tablet is?

22

Security of smartphone and personal tabletITDMSUSERS

Base: ITMDs and employees use device (Smartphone: n=162; Tablet: n=129)Q910 Thinking about those employees who bring their own device, how secure do you feel your employee’s personal smartphones are?Q912 Thinking about those employees who bring their own device, how secure do you feel your employee’s personal tablets are?

A slight majority of users think their device is more secure when accessing work-related info.


Base: BYOD USERs (n=551)Q913 How much do you agree or disagree with the following statement?

23

My personal mobile device is more

secure when I am accessing work-

related information than it is when I am accessing personal

information.

USERS

Very few users have experienced cyber attacks or had their devicestolen or lost, but of those who did they are much more concernedabout their personal information than their company’s info.


Base: All USERs with device (Smartphone: n=846; Tablet: n=534)Q935 In the past year, how many times, if at all, have you lost any of the following mobile devices (either misplaced it or it was stolen)?Q914 Have you experienced a cyber-attack or security breach on your mobile device?

Base: Device stolen and engage in BYOD (n=71)Q940 When your mobile device was lost/stolen, how concerned were you about a stranger accessing any of the following information?

24

Lost any of the following mobile devicesUSERS

How concerned were you about a stranger accessing any of the following information?

USERS

Personal Information Company Information

Experienced Cyber-attack/security breachUSERS

74% 58%

Users note that adding a password/PIN is one of the most popular security measures taken by themselves and their IT department.


Base: All USERs (n=1,001)Q915 Which of the following steps, if any, have you personally taken to protect your mobile devices? Please select all that apply.

Base: BYOD USERs (n=551)Q920 Which of the following steps, if any, has your IT department taken to protect your mobile devices?

25

What other steps have you taken to protect your mobile devices?

Run software updates

Added a password/PIN

Installed anti-virus programs

Location tracking

Installed an app that can remote lock, locate, and/or erase data

Other

None

Steps personally taken to protect your mobile devicesUSERS




Restricting downloadsRestricting access to certain

employeesRestricting or blocking access to

websitesInstalled an app that can remote

lock, locate, and/or erase data

Location tracking

Mobile application management software

Usage limits

Other

None

Steps IT department taken to protect your mobile devices USERS

Actions taken by ITDMs is consistent with the actions users are reporting of their IT departments.


Base: Employees engage in BYOD (n=184)Q920 Which of the following steps, if any, has your IT department taken to protect your mobile devices?

26

Steps the IT department has taken to protect employee’s mobile devices.ITDMS



Network certificates

VPNs

Restricting access to certain employees

Restricting or blocking access to websites


Installed an app that can remote lock, locate, and/or erase data

Restricting downloads

Lock screens


Location tracking

Hardware based authentication tokens

Usage limits

Other

None

Users and ITDMs note that updates are typically run automaticallyand password/PINs are asked to be updated every 2 – 6 months.


Base: BYOD and Required to add password/PIN (USERs: n=156; ITDMs: n=88)Q925 How often are you required/how often do you require your employees to change your password/PIN?

Base: BYOD and Required to run updates (USERs: n=104; ITDMs: n=56)Q927 Are the software updates you are required to run/require your employees to run..?

27

What other steps have you taken to protect your mobile devices?

How often are you required to change your password/PIN?

Are the software updates you are required to run..?

User initiated – you have to make a selection for the

update to runUSERS: 45%ITDMS: 23%

Automatic – you don’t have to do anything for the

update to runUSERS: 55%ITDMS: 77%

ITDMs impose restrictions on remote access and social media sites.


Base: ITDMs and employ usage limits (n=23)Q923 What types of usage limits or restrictions do you have?

Base: ITDMs and restrict access (n=54)Q924 When accessing corporate applications and information, are BYOD users restricted from accessing:

28

*Small base size

Base: BYOD ITDMs (n=197)Q946 How important do you find each of the following BYOD security measures in helping to protect company information? Please answer for each even if your company does not employ the protection.

ITDMs view passwords/PIN and anti-virus programs as being mostimportant in protecting company info.


Password/PIN

Anti-virus programs

Software updates

Network certificates

VPNs

Download restrictions

Access restrictions for certain employees

App that can remote lock, locate, and/or erase data

Restricting or blocking access to websites

Locking of screens


Hardware based authentication tokens

Location tracking

Usage limits

ITDMs have communicated the importance of secure networks, changing passwords, and reporting security issues.


Base: BYOD ITDMs (n=197)Q950 What specifically have you communicated to your employees to protect themselves against cybersecurity threats on their mobile devices, if anything?

30

Employees to protect themselves against cybersecurity threats on their mobile devicesITDMS

Importance of accessing information when on secure networks (e.g. those that require passwords)

Importance of changing password/PIN frequently

Need to report data security issues quickly

Importance of running updates frequently

Importance of encrypting messages to protect sensitive information

Other

Nothing, we have not communicated anything to them


Based on survey results, both users and ITDMs feel that it is the user’s primary responsibility to keep their device secure.


Base: BYOD USERs (n=551)Q1015 Whose primary responsibility is it to keep your mobile device secure?Q1020 In the event that your mobile device is hacked, whose primary responsibility is it to recover your personal information?

Base: ITMDs (n=250)Q1010 Whose primary responsibility is it to keep your employee’s personal mobile devices secure when they are accessing company information or applications?

31

Attitudes toward BYOD


Base: All USERs (n=1,001)Q1030 Now you will read two hypothetical opposing opinions about BYOD. One statement will represent the opinions of a person named [ROTATE: Smith/Jones] and the other statement will represent the opinion of a person named [ROTATE: Jones/Smith].

Users recognize BYOD may be wave of the future and ITDMs feel the benefits outweigh the risks.


“BYOD is a fad that will soon fade.”

Smith says: Jones says:

“BYOD is the wave of the future so companies need to get on board.”

Base: All ITDMs (n=250)Q1020 Thinking about BYOD, do you think the..?

Risks/Benefits: ITDMS

Users recognize that BYOD “keeps employees connected”, “is convenient”, and “provides flexible work environment”.


Base: All USERs (n=1,001)Q1005 How much do you agree or disagree with the following statements?

34

I would prefer working for an employer that allows BYOD than one that doesn’t.

BYOD keeps employees connected to work without having to be there

BYOD helps the company save money on technology

BYOD is convenient for employees

BYOD provides a flexible work environment - employees can work wherever they want

BYOD helps employees be more productive

BYOD makes employees happy

BYOD policies help improve company and employee relations

BYOD provides employees with a good work-life balance

USERS

• Over 6 in 10 users prefer to work for an employer that allows BYOD over one that doesn’t.

BYOD is convenient for employees

BYOD provides a flexible work environment - employees can work wherever they want

BYOD keeps employees connected to work without having to be there

BYOD makes employees happy

BYOD helps employees be more productive

BYOD helps the company save money on technology

BYOD policies help improve company and employee relations

BYOD provides employees with a good work-life balance

These attributes of BYOD are also recognized by ITDMs.


Base: All ITDMs (n=250)Q1006 How much do you agree or disagree with the following statements?

35

Base: All ITDMs (n=250)Q1016: When employees access work-related information or applications with their mobile devices, how concerned are you about each of the following?

Data protection

Security of the devices

Employee compliance

The device could be lost or stolen

Visibility into all devices that are accessing company information and applications

Employees abusing BYOD

Compatibility

Lack of standardization

Providing IT support for their personal devices

Increased liability for damage to the device at work

Performance of the device

ITDMs emphasize “data protection”, “security of device”, and “employee compliance” as their chief concerns.


ITDM Perceptions byCompany Size


Smaller companies are slightly less likely to have employees who engage in BYOD.


Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q800 Approximately what percentage of your employees do you think access company information or applications with their personal devices on a regular basis (at least weekly)?

38

% of employees engaging in BYOD by company size (in employees)

Indicates a score significantly higher / lower than Less than 500 employees at the 95% confidence level

ITDMs in larger companies are more likely to have taken all types ofsteps to protect their employee’s mobile devices.


Base: BYOD ITDMs (Less than 500 employees: n=90); 500 or more employees: n=94)Q920: Which of the following steps, if any, has your IT department taken to protect your employee's mobile devices?

Steps IT Dept has taken to protect mobile devices by company size (in employees)

39


Larger companies are also more likely to have communicated the importance of protecting against cybersecurity threats.


Base: BYOD ITDMs (Less than 500 employees: n=97; 500 or more employees: n=100)Q950: What specifically have you communicated to your employees to protect themselves against cybersecurity threats on their mobile devices, if anything?

Communication to employees by company size (in employees)

40


ITDMs in larger companies are more likely to recognize the importance of non-basic security measures.


Base: BYOD ITDMs (Less than 500 employees: n=97; 500 or more employees: n=100)Q946: How important do you find each of the following BYOD security measures in helping to protect company information?

Importance of security measures (very/somewhat important) by company size (in employees)

41


Although ITDMs of different sized companies recognize the benefits. . .


Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1006: How much do you agree or disagree with the following statements?

Agreement (strongly/somewhat) by company size (in employees)

42


. . .Concerns over the hazards of BYOD are universally higher among larger companies.


Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1016: When employees access work-related information or applications with their mobile devices, how concerned are you about each of the following?/ If your employees were to use their personally owned mobile devices to access work-related information or applications, how concerned would you be with each of the following?

Concern (very/somewhat concerned) by company size (in employees)

43


And larger companies are more likely to say the risks outweighthe benefits when it comes to BYOD.


Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1020: Thinking about BYOD, do you think the..?

Less than 500

500 or more

BYOD Risks vs. Benefits by company size (in employees)

44


Also larger companies are more likely to say it’s the company’s responsibility to keep their employee’s device secure.


Base: All ITDMs (Less than 500 employees: n=132; 500 or more employees: n=118)Q1010: Whose primary responsibility is it to keep your employee's personal mobile devices secure when they are accessing company information or applications?

Responsibility in keeping employee’s mobile device secure by company size (in employees)

45


Demographics



Total

GenderMale 57%Female 43%

Age18-24 7%25-34 26%35-49 34%50-64 28%65+ 5%

Race/EthnicityWhite 72%Hispanic 12%Black 10%Asian or Pacific Islander 4%Native American or Alaskan Native 1%Some other race 1%

Household IncomeLess than $50k 23%$50k to less than $100k 34%$100k or less than $249k 37%$250k or more 3%

Education

HS or Less 18%

Attended college or college degree 58%

Attended graduate school or graduate degree 17%

USER DemographicsTotal

Company Size (in employees) 1 - 24 14%25-49 5%50 - 99 7%100 - 499 17%500 - 999 9%1,000 - 4,999 15%5,000 - 9,999 9%10,000+ 24%


TotalTitleOwner/President 28%VP/C-Suite 13%Director/Manager 23%Other 9%

IndustryCommunications/Technology 26%Finance/Legal 12%Business Services 8%Government/Non-Profit 17%

TotalCompany size

1 – 24 31%25 – 49 6%50 – 99 6%100 – 499 11%500 – 999 4%1,000 – 4,999 10%5,000 – 9,999 4%10,000+ 27%

Company revenueLess than $500,000 26%$500,000 - $999,999 4%$1 million - $24.9 million 14%$25 million - $49.9 million 5%$50 million - $99.9 million 9%$100 million - $499.9 million 2%$500 million - $999.9 million 4%$1 billion or more 23%Decline to answer 13%

Employment statusEmployed full time 68%Self employed 29%Employed part time 3%

ITDM Demographics

1 Workplace Technology Prepared for © Harris Interactive April 2013.

Documents

byod steps

byod awareness of employees

definition of byod proportion

workrelated information

employer familiarity

coverage error

phone sample

online sample