It’s not a question of to BYOD or not BYOD. Enterprises of all sizes realize that employees are bringing in personal devices to access email, corporate data and a boatload of apps that make the workday easier. The question is security, and why isn’t anyone paying attention?
Recent research conducted by the Ponemon Institute, on behalf of ZixCorp, shows that a majority of companies in all industries, from finance and healthcare, to retail and industrial, currently support BYOD. Yet, out of those responding, 46% do not protect corporate data. Can we repeat that? Almost half of those surveyed do not have tools or policies in place to secure the assets.
Further, of those that do have solutions, a full 60% are not satisfied with what they have and 56% are in the market to replace what they are using. What on earth is going on? Mobile Enterprise spoke with Dr. Larry Ponemon regarding the results.
“Organizations are struggling with mobile device security and related policies and procedures,” he said, adding that this is resulting in a loss of control, and sticky issues from an operational and legal/privacy standpoint. What content is on the device? Are the apps acceptable?
“The average hardworking person is not doing something to circumvent security or malign the employer,” Dr. Ponemon said. An employee might even be making mistakes inadvertently, not in an attempt to become the next Snowden or WikiLeaks founder. Cutting corners, using runarounds, is really just about getting the job done easier and faster.
Yes, Email is a Risk
In SMBs, 62% of employees primarily need email, contacts and the calendar. In larger organizations, far more employees require more access to the network, an average of 47%. In all cases, however, there is a risk.
“Who owns the data? How is it segregated?” Dr. Ponemon asked. There is a strange philosophy, he noted, that email by itself is not a potential problem. But it is, when it moves a lot of data on a daily basis from person to person. That’s thousands of emails and attachments just itching to reside on someone’s device, exposing the business and compromising compliance.
One easy fix to that problem is a secure email environment. ZixOne, for example, provides protected access to corporate email and enables attachments to be viewed from an exchange server rather than downloaded.
And What Is Everyone Else Doing?
A good portion of organizations – 40% – limit BYOD because of inadequate security products or the associated costs. For those that do enable it, however, security seems to be background noise – something on the periphery of conversation, yet not being acted on effectively.
Currently, 37% of respondents are using mobile device passwords, 32% have secure containers and 30% use MDM. And again, 46% are doing nothing, allowing intellectual property to freely roam the halls.
And going further, when an employee uses an outside sharing service to transfer files, and company data is sitting on a public cloud, the organization is not aware of how such sensitive data is being accessed.
“The enterprise has to move out of the ignorance is bliss state and not just start thinking about the risks, but taking action,” Dr. Ponemon said. Having solutions in place is the best move, not getting blindsided by disaster later, as hackers are simply not going to sleep. They are well aware of vulnerabilities and always looking to infiltrate the network.
So, What’s the Solution?
Yes, there is going to be pushback when a company demands full control of an employee-owned device. Individuals tend to balk when asked to fork over the reins to something they personally bought. Yes, there is going to be rebellion when password protocol is put into effect and it’s a ridiculous gauntlet. No one wants to be slowed down by a slew of multiple sequences too difficult to memorize.
BYOD came about because of user demand. Take away the user experience, and the movement is dead.
Going forward, is there anything on the horizon to make it easier for enterprises and end-users alike? “The magic bullet, in my opinion, is biometrics,” Dr. Ponemon replied. “Biometrics is not all the same, nor is it science fiction. Quality voice recognition, instead of having to remember alphanumeric strings, will make it easier for end users, and security becomes invisible.”
Biometrics is currently underused yet has huge potential, especially on mobile devices. (The combination of two biometrics can make it even more powerful.)
Whatever solution is in place, just remember this: when end-users do not get delayed by the authentication process, there is less irritation and screaming at the touchscreen, and increased productivity. Previous Ponemon Institute research, for example, shows that single sign-on in healthcare can result in significant savings – two million dollars actually – for an average hospital.