Mobile boom turns BYOD into unmanaged risk, Check Point finds

BYOD soars, networks judder

The challenge of securing mobile technology is starting to overwhelm some IT departments, with many BYOD smartphones and tablets left in an unmanaged state despite the risk of data loss, a global survey by Check Point has found.

It would be easy to dismiss yet another survey on mobile data security as ambulance chasing by a security firm, but Check Point's interrogation of 790 IT professionals in the US, Canada, UK, Germany and Japan (of different sizes) revealed a plausible degree of chaos.

First the numbers, with nearly half of those questioned describing a fivefold increase in mobile devices compared to two years ago.

BYOD probably explains much of this surge with 67 percent saying that their organisations had personally-owned devices connecting to their networks. A curious 2 percent even said that they only had personally-owned mobile devices on their networks.

The bottom line is that networks are suddenly inundated with mobile devices, particularly the harder-to-manage ones such as tablets and smartphones.

Most think this is a problem, with two thirds worried about the risks to corporate data and the physical resources that live on them posed by the BYOD boom.

Surprisingly given this worry, 63 percent stated that they had no policy for managing the data on privately-owned devices, although this was less true as organisations increased in size.

Looking at organisations with under 1,000 employees, only 17 percent had some form of "technical approach" to managing data on BYOD.

The most common form of data held on BYOD devices was business email (88 percent), contact information (74 percent), and a corporate calendar (72 percent). Customer data was also present just over half of the time.

The survey found clear evidence that security incidents on mobile devices can be expensive, with 16 percent of respondents mentioning a total cost of $500,000 (£328,000) or higher. A further 26 percent pegged it at somewhere between $100,000 and $500,000.

This probably isn't as alarming it sounds; any large organisation is going to face significant costs from the loss, damage or theft of mobile devices.

Most of the time, employee incompetence was seen as a greater risk than that of cybercriminals.

"Without question, the explosion of BYOD, mobile apps, and cloud services, has created a herculean task to protect corporate information for businesses both large and small," said Check Point's security researcher, Tomer Teller.

But why are so many organisations not managing data on employee devices? One answer is the lack of affordable tools, a particular issue for smaller firms.

"Companies have been overwhelmed by BYOD, and they are evidently still trying to get to grips with the problem, especially firms with 1000 employees or less.," said Teller.

"I believe part of the reason is that smaller companies will typically have fewer IT resources available to audit what personal devices are in use and manage and secure corporate data on them, and they also may not be fully aware of the tools and policies that can help them control this issue," he said.