The more one looks into BYOD issues, the more complex it turns out to be. According to a new survey, most IT departments don’t have a firm grasp on the levels of BYOD in their organizations, and employees have no clue as to how much mobile security control is in place. A certain level of the findings, I’m sure, can be attributed to MDM tools like AlertBoot Mobile Security, which are transparent to endusers.
In a way, it reminds me of that optical illusion where, depending on how you’re conditioned, a picture can either be the portrait of an old lady or a young woman.
IT Blind to Rogue BYOD
According to cio.com, a survey involving 350 people found that:
on average, IT staffers believe that 37 percent of employees access corporate resources from their own devices. But 71 percent of employees report they do so.[cio.com]
In other words, there are twice as many BYOD users than the tech department is aware of. This is a problem on many levels. There are the usual security concerns, obviously, such as the potential for malware to make its way around a corporate network. There is the unforeseen risk coming from a data breach due to the loss or theft of a device: if mobile device encryption is turned on, the risk is minimal, but if it isn’t — or is temporarily turned off… well, all I can say is that there have been plenty of million-dollar-plus settlements and finds over the years.
But, problems can also be of your more quotidian variety. For example, there are only so many devices you can have connected to a wireless router before its signal starts to degrade, meaning spotty internet coverage even if everyone’s within 10 feet of the wireless hub. An IT department that thinks they’ve got 30 devices connecting wirelessly to that hub might think it’s time to get a new router — one router, mind you — when the right solution is to add another router.
Employees Want Freedom and Won’t Tolerate Anything Else (But They Already Do)
The same survey found that employees “have relatively little tolerance for IT placing security controls on their personal devices.” Examples given include logging both data and web content access, or being restricted on what websites one is allowed to visit.
“People who are accessing these corporate networks are being logged and they don’t realize it,” he says. “And the regulations have come down pretty clear on this: The corporate network is a corporate-owned resource and companies are allowed to log what they want.”
“Employees just don’t realize how much control’s already put on them already,” Chiu adds. “They don’t realize until they get a block or aren’t able to get to a specific site.”[cio.com]
Such logging and blocking has always existed in the corporate environment and always will. Granted, it would be verboten if this were true for a user accessing sites at home during his private time. But in the office? As long as a user is using corporate resources (accessing the internet via office-provide Wi-Fi counts as such), it’s fair game as Chiu points out above.
According to the survey, for mobile devices:
41% of companies log corporate data access
37% limit content that can be accessed
34% log content accessed via the web
Related Articles and Sites: