BYOD: Bring-Your-Own-Device to Work…But Don’t Expect Much Security

Other Posts
Jun 24, 2011

Consumerization of IT is one of the major forces shifting the way office workers and organizations operate. Although still in its infancy, we can already see the effects of consumers bringing in personal devices and using personal online services within the workplace. And thanks to tech-savvy Generation Y’ers and Z’ers (born with iPod-in-hand), the consumerization-of-IT trend is only going to grow, and rapidly at that.

Because PCs have been the standard computing device for quite some time, an organization’s IT department is able to easily administer access and information between a desktop computer and a company network. Today, the line differentiating work devices and personal devices is rather fuzzy, and the line between how those devices are used is even fuzzier. An organization’s IT department now has to juggle multiple mobile devices where the majority of them are not company-owned.

In the InfoTrends’ Mobile Knowledge Workers: Emerging Opportunities (US) study, we found that almost 64% of respondents purchased a Smartphone or mobile device that they used for business themselves.  Furthermore, participants used handheld portable electronic devices, including iPads, tablets, and Smartphones, for business more than 50% of the time (Figure 1). In addition, over 65% of respondents completely or somewhat agreed that mobile technology enabled them to better manage work/personal activities and that mobile technology enabled them to get more work done. 

Figure 1: Approximately what percentage of the time that you spend using the following devices is for business versus personal use?

Workers use laptops, tablets, and Smartphones to network and collaborate with colleagues and clients. Mobile apps and cloud computing further fuel the way consumers operate within a this-is-how-I-work environment. So an IT department is stuck as the middle-man between ensuring an organization’s infrastructure is secured via remote access while maintaining employee productivity/satisfaction by enabling personal-device use.

And as office workers continue to out-influence IT departments, should organizations just go-with-the-flow? After all, employees are more productive, and bringing in personal devices saves the company money. Sounds perfect, right?

Wrong.

Although nowadays it’s common for employees to have better technology at home than at work, and for employees to require and expect anytime, anywhere access with the use of personal devices, that does not translate to organizations simply allowing it. Because then who and what is at risk?

Considering IT departments are primarily held responsible for an organization’s infrastructure and personal mobile technology use is on the rise, it comes as no surprise that nearly 50% of IT respondents considered security to be the single most significant challenge to implementing mobile devices within their organizations. And I don’t blame them given their current referee status.

What exacerbates this issue is the ease of accessibility to corporate networks combined with non-existent or minimal mobile computing strategies/policies within the workplace. Seventy percent of IT respondents reported that employees had remote access to company servers/data as their roles demanded, and 28% reported that everybody has access regardless of their position within the company. Among those companies who granted their employees remote access, 54% allow employees to access the corporate network via their personal devices (Figure 2).

Figure 2: Does your company allow employees to access the corporate network via personal devices? 

Mobile access to company data from personal devices isn’t necessarily a bad thing, but it can become a dangerous one if it’s not done in a proper, secure way. And with over 50% of employees accessing company information from their personal device, lack of security could quickly spiral into an abundance of violations. So how many organizations are taking the necessary steps to ensure a safe and secure personal mobile-access experience? Not enough.

Glancing at Figure 3 below, you’d think that enterprises are doing a fairly decent job with implementing some type of security policy. And sure, about 66% of larger enterprises are on-board. But smaller organizations are at a huge risk by not having any type of security policy in place, which is even worse because they most likely do not have the financial capabilities to recover from a serious security breach of information. Although some organizations are getting it, many others are not, and they should be implementing these types of policies at a faster rate.

Figure 3: Has your company implemented any security policies or procedures related to the use of smartphones or mobile devices?

 

Of course employees shouldn’t be forbidden from bringing in their Smartphone or tablet and syncing it up with their company’s IT infrastructure and corporate network, but what needs to be put into place are IT policies combined with enterprise adaptability. And given the discrepancy between the rate at which consumerization of IT is growing and the rate at which organizations are adapting (only 26% of IT respondents say they already have a mobile computing strategy in place), organizations are lagging which signals a red flag in the area of security.

Considering 60% of IT respondents expect the number of mobile knowledge workers to increase in the next two years, the time is now for organizations of all types to seriously start looking at and implementing mobile device security policies that protect their employees, their IT department, and their data.

Receive a weekly summary of recent blogs and other exclusive content.

InfoTrends Resources

New InfoTrends Studies

More blogs from

2016 InfoTrends, Inc.

WordPress Appliance - Powered by TurnKey Linux