BYOD causes security headaches

Security and privacy concerns plague 77% of IT leadership when building and implementing mobility strategies.

  • Monday, 21st October 2013 Posted 11 years ago in by Phil Alsop

The massive gap between the number of personal devices and applications accessing corporate IT networks and security audits of the applications being touched by these mobile devices, is leaving IT leaders struggling to solve security problems. That’s according to a new survey published today by Dimension Data, the USD 5.8 billion global IT solutions and services provider.

The Dimension Data Secure Enterprise Mobility Report reveals that despite a massive 82% of respondents saying that their organisations’ employees are using personal devices and applications for work, only 32% have conducted security audits of applications touched by mobile devices. Moreover, an alarming 90% of survey participants said that they do not have the necessary capability to stop employees using their personal mobile devices to access enterprise systems on their own - even if they wanted to.


This suggests that IT leaders are struggling to solve the security problems stemming from supporting BYOD (bring your own device) and enterprise mobility amid an explosion of personal devices and applications accessing the network.


Dimension Data surveyed 1,622 IT and security professionals in organisations with more than 250 employees in 22 countries across Asia, Europe, Middle East & Africa, and the Americas.

According to Matthew Gyde, Dimension Data’s Group General Manager for Security Solutions, the lack of visibility into what’s sitting on the corporate network raises major data security risks for organisations.


“Unknowns significantly increase the opportunity for intrusion, so when organisations are aware of the mobile devices on their networks, as well as the applications that can be accessed via these devices, they’ll be able to not only identify rogue devices, but also track new applications coming into their enterprise,” he explains and points out that another key benefit of knowing what mobile devices are on the corporate network is the ability to monitor user adoption of mobile enterprise applications.


The Dimension Data Secure Enterprise Mobility Report also reveals that:
· A low number (27%) of the 1,622 IT decision-makers surveyed said they have well-defined network policies in place for mobility;
· Around 23% confirm that their organisation allows employees to download
non-corporate applications to increase productivity; and
· 29% of those organisations surveyed say that non-employees and guests are able to obtain limited access to their organisation’s network from personal mobile devices.


Meanwhile, where IT departments are able to exert control to protect corporate data while managing the introduction of personal devices – through security audits, for instance – Dimension Data’s research reveals that many don’t. In fact, over 71% of survey respondents said that their business leaders view employee utilisation of personal mobile devices as potentially dangerous, costly and not business critical.


Says Gyde: “From a security perspective, this negative view of BYOD is understandable, considering that the extent and depth of the risk has not adequately been measured against business policy. That’s because many organisations have yet to evaluate the impact of mobility beyond the device itself.”


Tim Boyd, Security Solutions Specialist at Dimension Data reckons that having rogue, inadequately protected, and unknown devices on the network is just one element of the risk landscape. “In addition to information security risk, server and application infrastructures are also under greater pressure as users, data and devices traverse the network. Not considering the entire enterprise mobility landscape has led to an assumption of risk that is often grossly miscalculated, leaving organisations exposed to financial and reputational threats.

“Security experts should be involved in the development of an organisation’s mobility strategy, a key part of which is an audit of applications accessed by mobile devices. With the correct policy and measures, it is possible to support BYOD and enterprise mobility without compromising security,” says Boyd.