IDC Asia-Pacific associate vice president, Simon Piff
Despite an explosion in the number of employees using personal smartphones and tablets to access company information, industry analysts are warning that most companies are still woefully under prepared to secure those devices and cope with the potential for data leakage.
A new survey by Ovum – which included over 4000 IT professionals around the world – suggested that 70 per cent of smartphone-owning professionals are using those devices to access corporate data, usually without the knowledge of their IT departments.
Nearly half of those IT departments either didn't know about the BYOD activities or were ignoring it, while only 8.1 per cent actively discouraged it.
Worse still, even in companies that are aware of the BYOD trend, fully 80 per cent still lack adequate control over those devices.
Interestingly, Ovum flagged the levels of IT ignorance as being "significantly higher in mature economies with more rigid working practices" – suggesting continental Europe, the United States, Australia and elsewhere – than in high-growth economies such as Brazil, India and Soth Africa.
"It's worrying to see evidence of such a high proportion of businesses burying their head in the sand when it comes to planning adequately for BYOD," Ovum senior analyst Richard Absalom warned. "BYOD multiples the number of networks, applications, and end-points through which data is accessed. These are the three main points at which data is vulnerable; so, if left unmanaged, BYOD creates a huge data security risk."
Interestingly, the survey showed signs that employees would actually be less productive if forced to use company-issued devices: fully half said they would not access their own personal apps on a company-issued smartphone, citing privacy concerns.
Those results are consistent with other studies, such as a recent Harris-Fiberlink survey that found 76 per cent don't want employers being able to see what applications they install on their personal device. Eighty-two percent were "concerned" to "extremely concerned" about employers being able to track their Web use after work.
Analyst giant IDC has been equally cautious about BYOD, with mobility recently named as the #1 challenge facing corporate IT organisations.
"The challenges of mobility are immense," IDC Asia-Pacific associate vice president, Simon Piff, told the audience at the recent NetIQ Rethinking Security conference, noting that earlier surveys had shown many businesses are hurtling towards conflict as they had previously named app mobilisation as a key business priority.
Users' readiness to run on a BYOD basis, with or without the blessing of the corporate IT department, is only made worse by the fact that today's users are comfortable enough with technology that they no longer rely on IT for technical support, or to access new applications.
"Many users have just a little technical knowledge and that makes them dangerous," Piff said, noting that the situation gets even worse when considering recent survey results in which 13 per cent of CxOs said employees weren't trained on company security policies.
"What this actually tells me is that of the respondents to the survey, only 13 per cent of the CxOs were honest," Piff added, suggesting that many of the others assume their staff are being trained but may be mistaken.
The rise of BYOD and mobile apps will compound these shortcomings, he warned, noting that the solution lies not only in technology but in shaping employee expectations and habits to ensure security is maintained in the mobile and cloud world.
"You've got to find a way to make IT security become embedded," Piff said. "If we've already agreed every time you open a port in a firewall, allow an email or access a cloud service, you are compromising your security, and then you've got focus on what is inside the perimeter. It's all about understanding what's going on and having procedures or processes in place around what you are going to do while you are under attack."