The bring your own device (BYOD) movement and the broader trend of increased mobile solutions are driving a very ambivalent dialog in most business, schools, and government agencies. On one hand, iPhones, iPads, and other mobile technologies are increasing user productivity and satisfaction (often while improving customer engagement). On the other hand, many devices contain sensitive data and are far from being truly secure.
A handful of studies released over the past few days highlight the often-schizophrenic nature of the discussions taking place in many workplaces – including on experiment that showed 83% of individuals finding a lost corporate smartphone would attempt to access corporate data on it.
Symantec hit the nail on the head about the potential dangers. In a survey of 6,275 organizations of all types and sizes in 43 countries, the security giant found that more than half (59%) of those organizations are making internal line of business applications available to employee mobile devices and nearly three-quarters (71%) are considering an enterprise app store distribution system for such internal apps as well as public apps found in Apple’s iOS App Store or Google Play.
Symantec also found that by and large companies feel such mobile initiatives are working – 73% of businesses said that they had achieved successful increases in efficiency as a result of new mobile technology.
At the same time, that success is coming at a hefty cost. Nearly one-third (31%) of companies reported that IT has already become involved in mobile management processes and just under half (48%) described such efforts as “somewhat to extremely challenging” when it comes to balancing security and the needs/desires of mobile workers. 41% cited mobile devices as one of the top three risk areas – making it the biggest risk factor cited in the survey overall.
Symantec also underscored the security threat by running a lost device simulation in which the company loaded 50 smartphones up with phony personal and corporate data (along with monitoring tools) and deliberately “lost” them to see how likely a breach might be in a real world situation. The vast majority of devices (83%) showed attempts to access corporate-related applications or data including a remote access/administration app and dummy HR files.
Despite the risks and potential costs, most companies (71%) feel they broke even in the end because of the advantages of an engaged mobile workforce – a point that should not be underestimated.
Simon Placks, director of Ernst & Young’s fraud investigation and dispute services division, told ITPro recently that support for BYOD and unrestricted Internet access are already beginning to be a factor in the decision-making process job candidates. Put another way, Network World’s Sean Martin described the situation as one where users rather than IT or management are driving the discussion – a perspective that explains the ambivalent nature of such discussions.
Let’s be honest — users are controlling the IT security agenda, like it or not. They love their devices and the apps on them, and they want to use them at work. Clearly, vendors and enterprises alike have recognized this is more than a fad and are fueling the secondary driving force behind BYOD: the potential to make and/or save money by capitalizing on the movement.
Lastly, proving that BYOD and always connected mobility is a global trend, BT’s SecureThinking notes that 92% of knowledge workers in China have the ability or are encouraged to supply their own mobile technology.
Since it’s clear this trend isn’t going to stop, IT needs to re-imagine mobile security. That, according to an analysis by Forrester, will mean throwing out a lot of long-held concepts about mobility, security, and even the role of IT itself.
Source: Network World