The lead paragraph from a Computerworld article published a year ago August reported the findings of a Bring-Your-Own-Device (BYOD) study, saying:, “Corporate attitudes toward BYOD policies appear to fall into one of three categories, according to a survey of IT users released this week: There’s no official BYOD policy, devices are banned, or no one talks about it.”
Seemingly, not a lot has changed. Everyone recognizes the security concerns that accompany BYOD, but few are doing anything about it.
In the second annual BYOD & Mobile Security Study independently conducted by the Information Security Community on LinkedIn, the loss of company or client data, followed by unauthorized access to company data and systems, are the biggest security concerns. Despite that, only 21 percent of respondents’ organizations have fully implemented BYOD policies, processes and infrastructure. Twenty-four percent have no mobile device policy. Twenty-one percent said that privately owned devices are widely in use in their organizations, but are not supported within their organizations.
A related story in FierceMobileIT reiterated these statistics, curiously followed by, “A key to implementing a BYOD policy is to communicate the policy to employees. After the initial acquiescence of the employee to the policy, ensuring adherence to the policy requires continual reinforcement.”
To quote the Master Yoda, “Communicate you cannot what you have not.”
There are more connected mobile devices in the world than there are people. By 2018, there’ll be 1.4 per capita, according to our technology partner Cisco. They have become indispensable tools for getting work done, from anywhere. No one doubts that. But they are also a sieve for bad actors to penetrate corporate networks. Therein lies the conundrum.
In a two-part blog, Securing Employee Device Freedom, Kathy Trahan, Senior Security Solutions Marketing Manager at Cisco,says it’s time for business management and technology management to break this logjam for the benefit of both BYOD agendas — productivity and security. Approaching the challenge with the objective of creating a holistic enterprise mobility strategy gets both sides talking and hopefully understanding their respective realities.
We couldn’t concur more. However, getting to a holistic enterprise mobility strategy is only part of the solution. Data security is THE hot button, not only for BYOD policies but throughout the entire enterprise, regardless of company size or industry. We hear that all the time from customers. Walking the line between complete lockdown and wide open spaces, getting to that proper balance of risk/reward, will never happen in isolation. The holistic approach must encompass the complete corporate security policy. Otherwise gaps will inevitably be left open, inviting BYOD of another sort: bring your own disaster.