As BYOD Skyrockets, Security Is Not Keeping Up

The study suggests that IT leaders are fighting a tsunami of unmanaged devices that threatens to overwhelm their resources

A new survey has outlined the stark gap between BYOD and security for these devices: a whopping 82% of respondents said their organizations’ employees are using personal devices and applications for work. Yet, only 32% of those organizations have conducted security audits of the applications touched by those mobile devices.

The study, from the Dimension Data Secure Enterprise Mobility Report, suggests that IT leaders are fighting a tsunami of unmanaged devices that threatens to overwhelm their resources. An alarming 90% of survey participants said that they do not have the necessary capability to stop employees using their personal mobile devices to access enterprise systems on their own – even if they wanted to.

The lack of visibility into what’s accessing and sitting on the corporate network naturally raises major data security risks for organizations, according to Matthew Gyde, Dimension Data’s group general manager for security solutions.

“Unknowns significantly increase the opportunity for intrusion, so when organizations are aware of the mobile devices on their networks, as well as the applications that can be accessed via these devices, they’ll be able to not only identify rogue devices, but also track new applications coming into their enterprise,” he explained.

Those rogue, inadequately protected and unknown devices on the network are just one element of the risk landscape. “In addition to information security risk, server and application infrastructures are also under greater pressure as users, data and devices traverse the network,” said Tim Boyd, security solutions specialist at Dimension Data. “Not considering the entire enterprise mobility landscape has led to an assumption of risk that is often grossly miscalculated, leaving organizations exposed to financial and reputational threats.”

Given the security issues found on the vast majority of devices within mature networks, IT leaders are rightly concerned about data security and access control issues relating to mobility. The importance of protecting company data is a top mobility priority for 71% of respondents, while 65% identified access control as their top priority.

Even so, the report also revealed that a low number (27%) of the 1,622 IT decision-makers surveyed said they have well-defined network policies in place for mobility. Other stats also point to a general lack of mobility policy: Around 23% confirm that their organization allows employees to download non-corporate applications to increase productivity; and 29% of those organizations surveyed say that non-employees and guests are able to obtain limited access to their organization’s network from personal mobile devices.

One top area where IT leaders have the greatest amount of control – conducting security audits of applications touched by mobile devices – has not been a priority, the study found. Only 32% of respondents have taken that step.

Part of the reason is a lack of interest from business leadership in dealing with the issue. A full 71% of survey respondents said that their business leaders view employee utilization of personal mobile devices as potentially dangerous, costly and not business critical.

Dimension Data ascribes the gap between awareness and action when it comes to BYOD to the sheer enormity of the security task, and recommends taking a holistic view of mobile security. “As organizations have seen a rise in employee-owned devices requesting access to network resources, it can be difficult to know where to start,” Boyd said. “Securing critical data and your infrastructure is not just an ‘I want to get my iPad on the network’ problem. One must look at the greater scope of enterprise mobility and consider many facets including security policy, risk assessment, costs of operational support, and the effects on application service delivery and employee productivity. Ultimately the business case must establish a balance that maximizes the utility of an organization’s resources for each of the stakeholders involved.”
