CISOs behind the curve on BYOD
According to a new survey by IBM, chief information security officers continue to struggle with BYOD.
Only 39 percent of CISOs are planning to develop an enterprise strategy for BYOD and only 29 percent have done so. Even more discouraging, only 10 percent consider a BYOD strategy to be important, according to the survey.
Yet, according to a recent Cisco survey, 78 percent of U.S. workers use a personal mobile device for work purposes. So, the mobile devices are flooding into the enterprise, whether a BYOD strategy is in place or not.
While more than three-quarters of CISOs have inventoried their mobile devices on the corporate network and deployed mobile device management capabilities, only 61 percent have published a set of principles for mobile security and only 56 percent have developed containerization and encryption strategies for apps and sensitive data, the IBM survey found.
As the report notes, "mobile security is at a foundational stage of development... The primary mobile challenge for security leaders is to advance beyond the initial steps and think less about technology and more about policy and strategy."
For the study, IBM conducted in-depth interviews with 41 senior IT security leaders in large enterprises. A full 80 percent were the same leaders who participated in the inaugural study last year.
Most of the CISOs surveyed still consider traditional security technologies, such as identity and access management and network intrusion prevention and vulnerability scanning, to be the most vital security components for their enterprise.
Nearly two-thirds do not translate metrics into financial impact, which makes it difficult to convince the C-suite to invest in security. At the same time, 80 percent of CISOs are aware of the security concerns of their CEO and 70 percent develop their security strategy in conjunction with other business strategies.
The conclusion from the IBM study is clear. CISOs are behind the curve when it comes to BYOD policies. This opens up their enterprises to security risks that could be lessened with proper BYOD strategies and technologies in place. It is time for CISOs to stand up and face the future. - Fred