Despite widespread adoption, companies fail to implement BYOD policy

Lumension’s BYOD and Mobility Security Report, was conducted by Holger Schulze's Information Security Community group on LinkedIn. It found that BYOD is becoming mainstream, with close to 20% widely supporting privately-owned devices being used for work, and an additional 35% saying BYOD is under evaluation. Only about 40% of respondents said that they’re still supporting company-owned mobile devices.

When it comes to primary drivers and benefits of BYOD, improved employee satisfaction, productivity and mobility were each cited by more than 50% of respondents.

However, security is also a very big concern and was cited by 70% of respondents as the top criteria for success, even over employee productivity, which was called out by 54%. Respondents fear a loss of company or client data, unauthorized access and malware infections, and many say they lack the resources necessary to address these security concerns. In fact, almost a third of organizations say that they do not have even a basic BYOD policy in place to help mitigate some of the risk.

“What is concerning to me is the lack of security that is actively implemented, according to survey respondents,” said Paul Zimski, vice president of solution marketing at Lumension, in a statement. “Over a third of organizations have no security at all and most are relying on just encryption. Encryption is great if the device is lost or stolen, but it does little good against something like a phishing attack. In the end, a mobile device is an endpoint, subject to the same attacks we protect against on so-called traditional endpoints. Encryption simply is not enough.”

Mandatory use of encryption was cited as a risk control measure for mobile devices by 40% of respondents. Encryption is considered best equipped to deal with lost or stolen devices, which was the third-ranked security concern, after lost data and unauthorized access. When asked if they felt ready for a full enterprise BYOD adoption, only 6% responded that their organization was 100% ready, while the majority of respondents claimed to feel less than 50% ready for BYOD.

The findings – that there is widespread BYOD adoption afoot with little security policy in place to support it – dovetail with other examinations of the BYOD phenomenon. A recent report by Varonis found that 74% of companies allow BYOD, but only 41% have a formal policy – 33% of companies operate no formal policy but simply have a permissive attitude.

What’s hot on Infosecurity Magazine?