BYOD Are We Still Not Getting It Right?

Categories: IT Security

Continuing on my recent blogs on BYOD, I thought I would share some interesting statistics from this year’s PwC Information Security Breaches Survey. 75% of large businesses allow staff to use smart phones and tablets to connect to their systems yet only 39% ensure that data on these smart phones is encrypted. Mobile devices are often lost or stolen with any data on them exposed. In the wrong hands these devices can potentially open up a door into corporate assets.

While it’s clear that more and more organisations allow the use of these devices, unfortunately the implementation of security controls has not kept up to date. According to the report over half of small businesses haven’t taken any steps to secure them. So, they may be small businesses but protecting information should be based on risk. A lot of small organizations have highly valuable intellectual property e.g. research and pharmaceuticals and therefore must prioritize in protecting this data. Worryingly organizations that allow personal devices vs. company-owned devices were also shown to have weaker controls. In reality these are the very devices that should have even better controls then the corporate-owned devices.

However, there are signs that overall organizations are following best practice and issuing a policy on mobile computing and providing appropriate training. My recent blogs discussed the importance of MDMs as essential in any interim solution yet only 13% of organizations have deployed a Mobile Device Management platform.

It seems we will constantly be playing catch-up if we are to manage and control these devices and the information they access in organizations. Technology for mobile devices moves fast and security controls lag behind and even where there are controls available organizations aren’t actually following a long term strategy and deploying these in a reactive mode the results of which will be no surprise.

Rashmi Knowles
Author:

Rashmi is Chief Security Architect at RSA, The Security Division on EMC. In her role Rashmi is responsible for Technology and Compliance Solutions for the EMEA region. Her current responsibilities include working with customers in a Trusted Advisor role, Thought Leadership for emerging technologies and key spokesperson in the region for RSA’s Virtualisation and Cloud strategy and Compliance Solutions and a subject matter expert on Data Loss Prevention and Encryption Solutions. Rashmi has over twenty years experience in data communications, mobile communications and has focussed on Information Security for the last 15 years. Rashmi holds a degree in Computer Science from the De Montfort University and a Post Graduate in Computer Studies from the University of the South Bank, London. Subscribe to Rashmi's RSS feed