Analysts warn on BYOD as growth catches IT departments flat-footed

IDC Asia-Pacific associate vice president, Simon Piff

Despite an explosion in the number of employees using personal smartphones and tablets to access company information, industry analysts are warning that most companies are still woefully under prepared to secure those devices and cope with the potential for data leakage.

A new survey by Ovum – which included over 4000 IT professionals around the world – suggested that 70 per cent of smartphone-owning professionals are using those devices to access corporate data, usually without the knowledge of their IT departments.

Nearly half of those IT departments either didn't know about the BYOD activities or were ignoring it, while only 8.1 per cent actively discouraged it.

Worse still, even in companies that are aware of the BYOD trend, fully 80 per cent still lack adequate control over those devices.

Interestingly, Ovum flagged the levels of IT ignorance as being "significantly higher in mature economies with more rigid working practices" – suggesting continental Europe, the United States, Australia and elsewhere – than in high-growth economies such as Brazil, India and Soth Africa.

"It's worrying to see evidence of such a high proportion of businesses burying their head in the sand when it comes to planning adequately for BYOD," Ovum senior analyst Richard Absalom warned. "BYOD multiples the number of networks, applications, and end-points through which data is accessed. These are the three main points at which data is vulnerable; so, if left unmanaged, BYOD creates a huge data security risk."

Interestingly, the survey showed signs that employees would actually be less productive if forced to use company-issued devices: fully half said they would not access their own personal apps on a company-issued smartphone, citing privacy concerns.

Those results are consistent with other studies, such as a recent Harris-Fiberlink survey that found 76 per cent don't want employers being able to see what applications they install on their personal device. Eighty-two percent were "concerned" to "extremely concerned" about employers being able to track their Web use after work.

Analyst giant IDC has been equally cautious about BYOD, with mobility recently named as the #1 challenge facing corporate IT organisations.

"The challenges of mobility are immense," IDC Asia-Pacific associate vice president, Simon Piff, told the audience at the recent NetIQ Rethinking Security conference, noting that earlier surveys had shown many businesses are hurtling towards conflict as they had previously named app mobilisation as a key business priority.

Users' readiness to run on a BYOD basis, with or without the blessing of the corporate IT department, is only made worse by the fact that today's users are comfortable enough with technology that they no longer rely on IT for technical support, or to access new applications.

"Many users have just a little technical knowledge and that makes them dangerous," Piff said, noting that the situation gets even worse when considering recent survey results in which 13 per cent of CxOs said employees weren't trained on company security policies.

"What this actually tells me is that of the respondents to the survey, only 13 per cent of the CxOs were honest," Piff added, suggesting that many of the others assume their staff are being trained but may be mistaken.

The rise of BYOD and mobile apps will compound these shortcomings, he warned, noting that the solution lies not only in technology but in shaping employee expectations and habits to ensure security is maintained in the mobile and cloud world.

"You've got to find a way to make IT security become embedded," Piff said. "If we've already agreed every time you open a port in a firewall, allow an email or access a cloud service, you are compromising your security, and then you've got focus on what is inside the perimeter. It's all about understanding what's going on and having procedures or processes in place around what you are going to do while you are under attack."

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.


Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts