The survey revealed that to mitigate security risks, organizations are turning away from a trust-only approach for consumerized IT and implementing three-layer security and compliance strategies that include employee trust, policy, and technology.
Seventy-three percent of those polled stated that they are using a combination of policy and trust to secure consumerized IT; 51% are using a security strategy combining policy, technology, and trust; while only 11% are relying on trust alone, according to the survey of 632 IT personnel from companies and government agencies conducted by Osterman Research for Proofpoint.
“Organizations have moved from simply trusting employees to putting in place policy plus technology as a strategy to reduce the risks around these consumerized IT services”, Andres Kohn, Proofpoint’s vice president of technology and product management, told Infosecurity.
Also, 67% of respondents said that email was the most used application on mobile devices. Most enterprises have email security technologies, policies and processes in place that provide email encryption, archiving, security, and data loss prevention, the survey found.
“Having in place the right email security technologies is extremely important. Make sure that you are ensuring that emails that come into the organization do not contain malware. Some organizations are deploying mobile endpoint technologies to make sure all the data is correctly encrypted. Other organizations are deploying web gateway security technologies to moderate or control the use of social media and consumerized web services”, explained Kohn.
Regarding those organizations that do not allow the use of consumerized IT (16% of respondents), a full 64% of those organizations suspect that employees are using it anyway; 56% either have no consumerized IT adoption strategy in place or do not know if their company even has a plan; only 29% have an adoption strategy in place; and only 13% are in the process of developing a plan to integrate consumerized IT.
“What is interesting here is the ‘head in the sand’ approach, where the organizations that say they don’t allow [consumerized IT don’t have any plans to control it or have a strategy is place as to how to allow it. So they are introducing more risk into their organization because, in fact, employees are doing it anyway”, Kohn said.
“A key conclusion [of the survey] is that people are going to be using mobile devices and consumerized IT services on the net to do their business because it’s easy and productive….So organizations need to recognize that this is going happen and put a strategy in place from a policy and technology point of view to address it”, Kohn concluded.