A new survey reveals concerns among IT professionals as more personal mobile devices are used in the enterprise.
The trend, known as BYOD (bring your own device), has arisen from business demand as employees seek to take advantage of more powerful and affordable mobile devices that let them work from any location. The
“BYOD presents both opportunities and threats. It lets both employees and organizations take advantage of the latest technology innovations at limited cost to the organization,” says John Pironti, advisor with ISACA and president of IP Architects, LLC. “Unfortunately, it also introduces new vulnerabilities, due to the limited ability of most organizations to effectively manage and secure employee-owned devices accessing their information infrastructure.”
The specifics risks most associated with BYOD include storing data in an unsecured manner (44%) and loss of the device (27%).
Even though the devices present a challenge to IT organizations, survey respondents did acknowledge their business value, with 36% saying the risks and benefits of BYOD are appropriately balanced and 27% indicating that the benefits of employees using personal devices outweigh the risks. Nonetheless, 37% indicated that the risks outweigh the benefits.
As for risk mitigation, the greatest percentage of respondents indicated that their company had policies and controls that allow for encryption, password requirements and management of organizational (non-personal) data on the smart devices. Respondents also viewed education as key.
“Organizations should educate their employees on their BYOD security requirements and implement a comprehensive mobile device policy that aligns with the organization’s risk profile,” Pironti says.