Security Report: Keeping Up with Personal Devices

Tuesday, July 19, 2011 @ 11:07 AM gHale

Policies are made to be broken, or, if you can’t beat them join them. When it comes to security, the experts are beginning to accept the fact more workers are using devices such as smart phones and tablets to plug in and do work. The problem is enterprises remain overwhelmed by the need to mitigate risk and support the devices.

Last year IT departments said they were not ready for the rapidly growing usage of consumer technologies in the workplace, according to a report for Unisys Corp., conducted by IDC. One year later, the gulf appears to be greater as more organizations realize the trend is inevitable, according to the report.

Web Sites to Find if You’re a Target
Paranoia Means Better Security
Protecting Against Zero Day Attacks

While IT departments see business value in allowing mobile workers to use personal devices and access social networking sites, they are “hamstrung by security and support issues and a growing workload,” according to the report.

“The good news from the new research is that, in contrast to last year, IT executives are recognizing that the consumerization of IT trend is real and inevitable,” said Fred Dillman, Unisys chief technology officer. “However, they appear to be frozen by the magnitude of issues created by the rapidly growing usage of consumer technologies within the enterprise.”

The study draws upon two separate but related surveys conducted in nine countries. One study surveyed nearly 2,660 information workers within organizations, while the second study polled some 560 IT department executives and managers.

The fact is workers are bringing personal devices into the enterprise at an increasing rate, with 40 percent of the devices used to access business applications being personally owned, a 10 percent increase over last year. Use of social media applications, blogging, and microblogging also increased.

This year 20 percent of organizations surveyed used Facebook and MySpace for business purposes, while 8 percent said they used the site for business in 2010.

Unisys said this increasing penetration of consumer technology in the enterprise comes from the concept of mobility. Fifty-three percent of workers surveyed said mobile devices such as laptops, smartphones and tablets are their most critical devices for doing work, up from 44 percent in 2010. That rate should rise in 2012 with 65 percent noting that a mobile device will be their most critical work device next year.

While IT executives recognize the trend, and many believe allowing the use of personal devices raises employee morale, they also understand they are falling behind in supporting the devices and effectively managing security, according to the report.

The survey found workers report using smart mobile devices for business purposes at twice the rate that IT executives believe to be the case, with 69 percent usage reported by employees vs. 34 percent of IT executives stating workers used these devices for work.

Policies around consumer technologies are face a purchasing chasm, with 87% of IT groups saying their policy is for workers to source smart mobile devices from the enterprise, and for the enterprise to cover all costs. However, over half of employees using products such as iPhones, Android phones, and iPads for work said they bought their device themselves, without any reimbursement from their employer.

This data point shows the disconnect between IT’s policies toward the purchase and use of smart mobile devices, and the grassroots adoption of these devices in the organization today, according to the report. Enterprises think they are in control of these devices, but in fact they are in control of only a small part of their infrastructure, with a significant number of employees going off the grid in acquiring and using their own devices.

The scenario was the same for social media access: 44 percent of employees noted they use social networks and communities for customer communication. Yet only 28 percent of employers thought that was the case.

When asked the greatest barriers to enabling employees to use personal devices at work, 83 percent of IT respondents cited “security concerns” and 56 percent said “viruses from social networks such as Facebook.”

“Ironically, however, IT respondents indicate that they now do less than they did in 2010 to secure mobile devices in several areas, including publication of social media guidelines,” Unisys officials said.

IT is operating with blinders on, and policies are out of step with the way consumers are using devices and consumer applications, according to the report. IT needs to put the tools and procedures in place to actually understand what types of devices and applications workers are using throughout the organization as a first step to actually getting in front of this trend.

Consumerization of IT is happening whether IT supports it or not. The “just say no” order obviously isn’t working, the report said. It’s arguably worse if employees are using the devices but IT is telling them not to. If IT were at least supporting these devices, it would have a fighting chance at getting the security and management issues right; but by putting blinders on, IT relinquishes all control.

IT needs to revisit and revamp its policies to reflect what is actually happening in the enterprise, and to evolve from a knee-jerk “don’t do it” policy to more sophisticated policies that allow workers to take advantage of these services without disrupting the IT infrastructure or compromising corporate security.

Leave a Reply

You must be logged in to post a comment.