Shadow IT can obscure BYOD security risks

Blocking or ignoring BYOD can cause employees to take matters into their own hands, resulting in shadow IT that can pose security risks for the enterprise.

That is the observation of CBR in an article entitled "How Blocking BYOD Leads to Shadow IT." CBR cites an Ovum study that found 70 percent of U.K. organizations have no BYOD strategy, while workers bring their own mobile devices to work and IT often turns a blind eye.

"Growth in the use of employee-owned devices and self-selected applications is changing the face of the end-user computing environment, yet many organisations continue with outmoded, desktop-only computing strategies," Ovum principal analyst Richard Edwards is quoted by CBR as saying.

Shadow IT is by definition IT not under the purview of the organization's IT department, which means there are few controls over its use. Such a Wild West environment opens up the enterprise to security threats from criminals as well as careless employees.

Instead, IT needs to work with employees to ensure that the mobile devices they bring into the workplace have the necessary security controls.

Banning mobile devices from the workplace doesn't work in the long run, notes John Harris, chief technology officer of loyalty program provider Aimia. Harris, who was an IT executive at pharmaceutical firm GlaxoSmithKline (GSK), said that GSK tried to ban smartphones with cameras because of the proprietary information the firm had in laboratories and factories.

The ban failed, and GSK decided instead to work with employees and educate them about the risk of misusing their phones. "We got back to it being a behavioural thing. Don't take photos and let's all collectively enforce it as a policy," Harris is quoted by Computer Weekly as saying.

Michael Bischoff, CIO at Betfair, advises CIOs against taking an aggressive stance against shadow IT. "If you adopt the approach of 'we're going to beat you up because you did that', your shadow IT isn't going to get any smaller. What you must be able to do is engage with people after they've made those decisions and say 'how can we help get you the best out of this?,'" he is quoted by CBR as saying at a recent VMware event.

For more:
- check out the CBR article
- read the Computer Weekly report

Related Articles:
MDM vendors come up short on security
Don't write a requiem for BYOD just yet
BYOD is driving SMB storage market growth, says IDC