Surveys show disconnect between IT, employees over BYOD security

Majority of firms say employees violate BYOD policies

More than two-thirds of employees are accessing the corporate network with their personal smartphones, yet few employees want security controls placed on their devices, according to an IDG Research survey of 350 IT managers and employees at enterprises with more than 250 employees.

While a majority of employees are willing to have malware protection and password requirements placed on their personal device, only 24 percent are willing to allow logging of corporate data they access from their personal device, even though logging access to corporate data is a compliance issue for many companies, according to the survey sponsored by mobile security firm Blue Coat.

In addition, only 19 percent of employees are willing to allow logging of web content accessed from their personal device and only 12 percent are willing to have restrictions placed on the types of sites and content they access.

At the same time, 41 percent of IT managers expect to be able to log access to corporate data from personal devices. 37 percent expect to enforce restrictions on the types of websites and content employees can access from their personal devices, and 34 percent of IT managers expect to log web content accessed from personal devices.

A full 88 percent of employees believe that their personal mobile devices are somewhat or very secure from malware, while 42 percent of IT managers believe that the risk of malware spreading from mobile devices to the corporate network is high or very high.

This BYOD security disconnect has limited the applications that businesses are willing to allow employees to access. While a majority of businesses allow access to email and instant messaging from personal mobile devices, fewer than one-quarter allow employees to access other applications, such as sales force automation, customer relationship management and supply chain management, from their personal mobile devices.

Nearly two-thirds of businesses said that they would block personal device from accessing the corporate network, including email, work applications and any shared internal sites, if the employee fails to comply with BYOD policies, according to the IDG Research survey.

Along with the survey results, Blue Coat unveiled a new mobile device security service for Apple (NASDAQ: AAPL) iOS devices along with the survey results. The company said that the new security-as-a-service, which operates at the network level, provides enterprises with a control point over mobile browser applications and a defense against web-based threats.

Yet, according to a separate survey of 100 network IT professionals by network monitoring company Endace, a majority of enterprises admit that their employees use mobile applications that violate corporate policies. Nearly 40 percent of respondents noted that they do not know which applications are in use on their network.

From these surveys and other recent polls, it is obvious that there is a disconnect between the IT department and employees over BYOD access and policies.

Related Articles:
Don't let the BYOD boogeyman get you
Firms should consider regulatory, security impact of BYOD, Gartner advises