America – the land of the free?

Last updated: 21 March 2014

If you’ve been following our recent CIO series on the Gemalto blog you may be wondering how the US fares when it comes to enterprise security. In comparison with the UK, France, Germany and the Nordics, the US establishes itself as a land of caution, influenced by the lessons learned from recent security breaches around the world (many of which were on home soil) reported by bloggers like Brian Krebs.

51% of US CIOs are responsible for managing IT security within their companies, in comparison to 70%, for example, in France. So what does this tell us about the USA’s attitude towards enterprise security? Put simply, in the US it doesn’t always take more than one opinion to deem something secure, but maybe it should. Internal auditing is still the most popular method of determining risk and just 11% of US employees are allowed to download and install new applications on their PCs (or Macs) without having to get approval first.

No train, no gain

It may be shocking to learn that just 10% of US employees are the administrators of their own PCs. Shocking, right? Well, what if I told you that a whopping 71% of US companies use internal training to ensure individual departments take responsibility for the security risks they introduce to the workplace. Compare this with the UK and just 58% of companies rely on training to validate the responsibility a department has for security. The simple truth is that just 11% of UK companies decide to introduce IT security following a crisis, many adopting proactive policies, while a staggering 42% of US companies claim that security measures are only taken reactively, often once they’ve already suffered a breach.

In the US, 41% of companies let their employees have control over the majority of data/information shared by executives, compared to just 19% in the Nordics, yet, both have similar levels of enterprise mandated mobile device policies (around 60%). So what does this tell us about trust? Two thirds of US companies concede that tablets are making their way into the corporate ecosystem, again similar to the Nordics and UK, but only 30% admit that there is some level of security risk attached.

Harder, Faster, Better, Stronger (authentication)

27% of US companies are already using two-factor authentication, however, a larger percentage (67%, the highest of all the countries surveyed) feel that the primary obstacle between wider adoption of secure authentication is cost. This may prove surprising, especially when you compare the USA’s (admittedly struggling) superpower economy with the fledgling economic influence of Norway, Sweden and the like, 32% of which believe they already have enough digital protection in place.

While it’s clear that US CIOs believe strong authentication and security measures are more important than user convenience at work (77% agree), when it comes to BYOD policies, the US, like the UK, is behind the pace when it comes to extra security for remote network access. In the Nordics, two thirds of CIOs have extra security measures in place for remote access, while in the US, it’s just over half.

In a country littered with mobile devices (admittedly more active in major cities), for the US to prevent yet another security breach that makes front page news worldwide, the most telling statistic from our research is the nation’s apparent apathy towards remote access security.

Do you agree with what these CIOs are saying? What’s your view on digital security and BYOD policies in enterprise USA? Let us know below.