You’d think by now that we’d all have a better handle on BYOD and its security needs. According to a new BYOD security survey by Bitglass, we aren’t even close.
The survey was actually two studies. In one survey, the researchers turned to those using their own smartphones in the workplace. The second survey asked for the opinions of those in charge of enforcing IT security, including BYOD policies. In a nutshell, both employees and IT are concerned that BYOD means a loss of privacy. For instance, 57 percent of employees and 38 percent of IT don’t participate in their company BYOD policy because they don’t want the company leadership spying on them. The vast majority, 67 percent, said they would participate in BYOD as long as there was a system that allowed the company to protect corporate data while leaving personal data, well, personal.
As Rich Campagna, vice president of products and marketing at Bitglass, was quoted by eWEEK:
The most surprising finding was the wide discrepancy between desire to participate in BYOD and actual participation rates. This is due to organizations taking undue control over personal devices and poor communications of what can be monitored and controlled by IT.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
This disconnect between BYOD policies and the concern for privacy shouldn’t come as much of a surprise. As Cristian Turcu, IT manager with iQuest Group, told me in an email conversation, controlling these devices is a complex task, and the time has come for IT to draw a definite line between corporate and personal data. Turcu added:
This is an important aspect when asking employees to use their own devices for business applications. A user can access the clouds from any device used to store and manipulate data. The idea that we can contain and control the methods used by a user to access the data in the cloud is simply unrealistic. This will add even more pressure on existing security processes by further complicating the task of tracking, security and documenting where data is being stored.
I saw an article that stated the Bitglass survey makes a case for IT departments to do more to protect the end user in BYOD policies, but I think there has to be a better balance. Both sides have serious security and privacy concerns that have to be better addressed. Until that happens, no one is going to be happy with BYOD policies as they are offered now.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba