It’s not a question of to BYOD or not BYOD. Enterprises of all sizes realize that employees are bringing in personal devices to access email, corporate data and a phoneload of apps that make the workday easier. The question is security, and is anyone paying attention?
Research conducted by the Ponemon Institute, on behalf of ZixCorp, shows that a majority of companies in all industries, from finance and healthcare, to retail and industrial, currently support BYOD. Yet, out of those responding, 46% do not protect corporate data. That’s right — almost half of those surveyed do not have tools or polices in place to secure the assets.
Further, of those that do have solutions, a full 60% are not satisfied with what they have, and 56% are in the market to replace what they are using. What is going on?
“Organizations are struggling with mobile device security and related policies and procedures,” said Dr. Larry Ponemon, adding that this is resulting in a loss of control, and sticky issues from an operational and legal/privacy standpoint. What content is on the device? Are the apps acceptable?
“The average hardworking person is not doing something to circumvent security or malign the employer,” he said. But an employee might be making mistakes inadvertently, not in attempt to become the next Snowden or WikiLeaks founder. Cutting corners, using runarounds, is really just about getting the job done easier and faster.
Yes, Email is a Risk
In SMBs, 62% of employees really just need email, contacts and the calendar. In larger organizations, far more employees require more access to the network, an average of 47%. In all cases however, there is a risk.
“Who owns the data? How is it segregated?” Dr. Ponemon asked. There is a strange philosophy, he noted, that email by itself is not a potential problem. But it is, when it moves a lot of data on a daily basis from person to person. That’s thousands of emails and attachments, just itching to reside on someone’s device, exposing the business and compromising compliance.
Organizations that limit BYOD do so primarily because of inadequate security products or the associated costs. For those that do enable, however, security still seems to be background noise — something on the periphery of conversation, yet is not being acted on effectively.
Currently, 37% of respondents are using mobile device passwords, 32% have secure containers and 30% use MDM. And again, 46% are doing nothing, allowing intellectual property to freely roam.
And going further, when an employee uses an outside sharing service to transfer files, and company data is sitting on a public cloud, the organization is not aware of how such sensitive data is being accessed.
“The enterprise has to move out of the ignorance is bliss state and not just start thinking about the risks, but taking action,” Dr. Ponemon said. Having solutions in place is obviously the best move; don’t gett blindsided by disaster later, as hackers are simply not going to sleep. They are well aware of vulnerabilities and always looking to infiltrate the network.