Most IT managers are aware that employees are connecting to the corporate network with their personal smartphones and tablets. Those who choose to just let it happen instead of actively managing it are taking a huge risk.
In fact, two different surveys indicate employees are bringing their devices to work with or without the blessing of IT. And many IT managers are standing by, putting their faith in their employees’ ability to secure their devices on their own.
Not exactly a reliable IT security strategy.
Ignoring the risk
The first survey, by the SANS Institute, involved 650-plus IT and security pros. While most of them agreed a formal BYOD policy is a necessity, only 38% reported having one in place. The percentage that requires employees to sign a mobile device usage agreement was about the same.
Other alarming stats from the SANS survey:
- More than 50% of respondents rely on users to protect their devices from potentially hostile applications
- 40% don’t track mobile devices on their network, and
- Only 20% use mobile device management software as a way to control devices.
The second survey, conducted by London-based business and technology analyst firm Ovum, mirrors the SANS findings.
Almost half of the 4,000 or so professionals from around the world who participated in Ovum’s research reported that their company’s IT department either doesn’t know about the BYOD trend in their organization or turns a blind eye to it.
By Ovum’s estimation, almost 80% of current BYOD activity is inadequately managed by IT departments.
The results of both surveys drive home the point that many organizations are leaving themselves wide open to security breaches. As one Ovum analyst puts it, “BYOD multiplies the number of networks, applications, and end-points through which data is accessed…[and these] are the three main points at which data is vulnerable; so if left unmanaged, BYOD creates a huge data security risk.”
So how can IT take control of the situation?
You can start by implementing these three critical components of successful BYOD programs:
- A software application for managing the devices connecting to the network (Mobile Device Management or MDM software)
- A written BYOD policy outlining the responsibilities of both the employer and the users, and
- An agreement users must sign, acknowledging that they have read and understand the policy.
Once these are in place, you can turn your attention to training users on how to use their devices safely and securely.