The survey revealed that to mitigate security risks, organizations are turning away from a trust-only approach for consumerized IT and implementing three-layer security and compliance strategies that include employee trust, policy, and technology.
Seventy-three percent of those polled stated that they are using a combination of policy and trust to secure consumerized IT; 51% are using a security strategy combining policy, technology, and trust; while only 11% are relying on trust alone, according to the survey of 632 IT personnel from companies and government agencies conducted by Osterman Research for Proofpoint.
“Organizations have moved from simply trusting employees to putting in place policy plus technology as a strategy to reduce the risks around these consumerized IT services”, Andres Kohn, Proofpoint’s vice president of technology and product management, told Infosecurity.
Also, 67% of respondents said that email was the most used application on mobile devices. Most enterprises have email security technologies, policies and processes in place that provide email encryption, archiving, security, and data loss prevention, the survey found.
“Having in place the right email security technologies is extremely important. Make sure that you are ensuring that emails that come into the organization do not contain malware. Some organizations are deploying mobile endpoint technologies to make sure all the data is correctly encrypted. Other organizations are deploying web gateway security technologies to moderate or control the use of social media and consumerized web services”, explained Kohn.
Regarding those organizations that do not allow the use of consumerized IT (16% of respondents), a full 64% of those organizations suspect that employees are using it anyway; 56% either have no consumerized IT adoption strategy in place or do not know if their company even has a plan; only 29% have an adoption strategy in place; and only 13% are in the process of developing a plan to integrate consumerized IT.
“What is interesting here is the ‘head in the sand’ approach, where the organizations that say they don’t allow [consumerized IT don’t have any plans to control it or have a strategy is place as to how to allow it. So they are introducing more risk into their organization because, in fact, employees are doing it anyway”, Kohn said.
“A key conclusion [of the survey] is that people are going to be using mobile devices and consumerized IT services on the net to do their business because it’s easy and productive….So organizations need to recognize that this is going happen and put a strategy in place from a policy and technology point of view to address it”, Kohn concluded.
Comments
tnguyengp says:
01 July 2011
People need to ensure that all anti-spyware, anti-malware, and security software and mechanisms are robust and up-to-date for all computer workstations and laptops. Also, if you need to send personal and confidential information through email, be sure you use email encryption to securely send encrypted messages, documents, and files. I use this free service to send and receive encrypted emails at https://www.sendinc.com/ It allows anyone to send and receive military-grade secure encrypted emails in minutes and requires no special technical expertise.
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.