BYOD security: Clueless in the enterprise

Tools

The BYOD trend has been the bane of IT managers since it began. And the number one concern about BYOD centers around security of corporate data and networks.

Numerous surveys have shown that BYOD security issues continue to plague enterprises. According to a recent survey of 1,600 members of LinkedIn's Information Security Group, three-quarters of respondents said loss of company or client data was their top security concern with BYOD, followed by unauthorized access to company data and systems at 65 percent, and fear of malware infection at 47 percent.

In addition, surveys conducted last year found a growing disconnect between IT and employees over BYOD security. According to an IDG Research survey, more than two-thirds of employees are accessing the corporate network with their personal smartphones, yet few employees want security controls placed on their devices. Another survey found that a majority of enterprises admit that their employees use mobile applications that violate corporate policies.

The latest survey, conducted by the Ponemon Institute for Acronis, reveals that a majority of companies continue to put critical data at risk. The survey sample was a healthy 4,374 IT practitioners across eight countries.

Disturbingly, close to 60 percent of enterprises have no BYOD policy in place. Even those firms that do have a policy make exceptions for executives, who often handle the most sensitive data on their mobile devices.

In the category of Clueless in Seattle (and other major cities), close to one-third of organizations prohibit personal mobile devices form accessing their networks, a prohibition that is as enforceable as Prohibition in the 1920s.

More than three-quarters of companies have not educated employees about the privacy risks from BYOD. Only 31 percent of firms mandate a device password or key lock on personal devices, and only 21 percent perform remote device wipes when employees leave the company, according to the Ponemon survey.

Enterprises can no longer ignore BYOD or hope that BYOD security issues will take care of themselves. They need to develop strong BYOD policies and employ technology, such as mobile device management, to enforce those policies. Otherwise, they will become yet another headline in the long, sad parade of data breaches. - Fred