Report Illustrates Conflicted Feelings about BYOD Value
For members of the Cyber Security Trend Community, if you are not part of the LinkedIn Information Security Community, which counts in its ranks over 300,000 members, you might wish to join. A great reason, along with all of the discussions, is that it also is a valuable research resource. This is exemplified in its latest 2016 BYOD and Mobile Security Report ,which is based on a member survey of over 800 global cyber security professionals.
We all are aware that the Bring Your Own Device (BYOD) is a trend in organizations, of all sizes, locations and vertical markets that is clearly here to stay and grow. W are also aware that as a result of the prevalence of BYOD, and the use of wireless technologies for connectivity the vectors of vulnerability have greatly expanded. To say the least, this has made the job of securing data at rest and on the move that much more complicated for IT.
What the new study found is a “conflicting” portrayal of BYOD security barriers and adoption trends in the workplace. These include:
- Security (39 percent) and employee privacy (12 percent) are the biggest inhibitors of BYOD adoption.
- In contrast, management opposition (3 percent) and user experience concerns (4 percent) rank far lower.
- One in five organizations suffered a mobile security breach, primarily driven by malware and malicious Wi-Fi.
- Security threats to BYOD impose heavy burdens on organizations’ IT resources (35 percent) and help desk workloads (27 percent).
- Despite increasing mobile security threats, data breaches and new regulations, only 30 percent of organizations are increasing security budgets for BYOD in the next 12 months.
- Meanwhile, 37 percent have no plans to change their security budgets.
Sponsored by, Bitglass, Blancco Technology Group, Check Point Software Technologies, Skycure, SnoopWall, and Tenable Network Security, the report has a series of interesting graphics about why respondents really are conflicted when it comes to BYOD and its benefits and costs.
In speaking with Holger Schulze, founder, Information Security Professionals, he noted that: “We are in an arms race that unfortunately seems to have no end in sight. Companies are investing in most cases, but the adversaries are skilled, motivated and creative. Awareness of the problem is increasing. C-level gets it. They can see the impact that security problems in general, and those associated with BYOD and the virtualization of work, have on brand reputations, the stock price, and the bottom line. Yet, surprisingly the study found that only 30 of respondents said their organizations are increasing budgets for BYOD.”
Readers are encouraged to download the entire report. As an inducement, one chart of special interest to our community is the one that depicts the answers to the question, “What are your main security concerns relating to BYOD?”
As Schulze explained, “There remains a lack of education and visibility regarding threats and best practices that needs to be accompanied by the proper use of technology to enforce policies and rules.” He also noted that challenges remain regarding wiping devices that may be employee owned.
Another pullout is the answer to the question, “What is your biggest pain point when it comes to mobile security?” Responses are illuminating:
- PROTECTION: 42 percent said they need a solution that not only detects threats but also remediates them based on the corporate policy
- INTEGRATION: 33 percent said they need a mobile security solution that integrates with our existing network (e.g., SIEM), endpoint (e.g., MDM or EMM), or ITSM (e.g., System Center) platforms.
- VISIBILITY: 15 percent said they need to see all affected devices and the types of threats.
The remaining 10 percent feel into the “Other” category.
As noted, there is granularity about the rate of malware infections experienced and the time to remediate it, along with other useful insights.
Finally, there is also an open question about the real costs and benefits of BYOD in the enterprise. Enthusiasm is certainly great for allowing workers to enjoy access to the tools they need to perform from wherever they happen to be. Indeed, C-levels can’t live without such devices for running their organizations. However, from a life cycle perspective the extra burdens placed on IT to support BYOD devices and properly invest in and employ a variety of mobile threat management (MTM) tools certainly makes a cost/benefit analysis of BYOD, whether the device is company or employee provided an interesting topic for a future deep dive.
Edited by Maurice Nagle