Bring-your-own-device (BYOD) is proving to be a worrisome security challenge for information security professionals with nearly half the respondents in a recent survey by the Information Security Community on LinkedIn admitting that their organizations are exposed to malware and embedded security exploits brought in by employees or others using downloaded apps or content on personal devices.
Only 21 percent of the 1,100 IT security practitioners responding in the second annual “BYOD & Mobile Security Study” conducted by online community of more than 200,000 InfoSec professionals said their companies have fully implemented policies, processes and infrastructure to address BYOD and 21 percent claimed that while personal devices are used in their organizations, they are not supported.
Despite the significant damage, including loss of company or client data and unauthorized access to data and systems that the use of privately owned devices without proper security can wreak, most organizations simply have not kept pace with the explosion in use of those personal devices in the workplace.
The findings are consistent with the results of the group's first BYOD report, published last year, Holger Schulze, founder of the Information Security Community on LinkedIn, told SCMagazine.com.
“It's one of the largest surveys” on BYOD and the large sample of professionals who have to deal “day in and day out with the operational impact” ensures that it “is a reflection of what's going on in the market,” he said.
Personal devices have taken the workplace by storm because they allow businesses to be more nimble and workers more productive and efficient. And Schulze explained that encouraging BYOD is a good recruiting tool for employers.
“As an employer, it's a lure,” he said, noting that the days of using a computer in a workspace are long gone. Personal devices allow workers to “do what they need to” wherever they need to, said Schulze.
That's borne out by the research. The most popular use for the devices, at 86 percent, is accessing email, calendar and contacts, according to the study. Respondents said document access and editing apps are used 45 percent of the time, followed by Sharepoint and Intranet access at 41 percent. They also accessed apps for file sharing and company-built apps 34 percent of the time.
But security concerns are preventing companies — and employees — from getting the full benefits of personal devices.