The other day I questioned whether security was good enough for Gartner’s predicted enterprise mandatory BYOD implementation by 2017.
Well, according to a recent survey commissioned by Smith Micro Software, IT managers have serious BYOD-related security concerns. In this case, 75 percent of the 250 IT managers surveyed are worried about employees using mobile hotspots. And according to an article on eSecurity Planet:
Seventy-one percent of respondents said their employees currently leverage smartphone hotspots — and while 93 percent of companies surveyed are responsible for all or part of their employees’ data plans, almost half of IT managers feel that they don’t have adequate control over employee hotspot devices.
In a statement, Doug Louie, senior director of product marketing at Smith Micro, correctly pointed out that as enterprise embraces BYOD, it ends up as IT’s responsibility to make sure the devices are secure. Mike Anderson, president and co-founder at Aragon Research, Inc., also said in a statement:
Enterprises have tried to solve the mobile management dilemma by placing their attention on mobile devices and BYOD, but mobile management actually goes far beyond the device. Concern from IT managers around hotspot security is valid. To minimize risk, enterprises need to expand their attention to address mobile device security at the network layer along with apps and data.
There are steps enterprise can take to improve security at mobile hotspots, like requiring users to log into the corporate network via a VPN and making sure all data is encrypted. But honestly, it all circles back to how much IT departments can monitor BYOD devices. Yes, the owner should be responsibility for security at all times, not just when logging into work, but studies have shown that they aren’t responsible.
Perhaps, then, the most important takeaway from the survey isn’t the number of IT managers who are worried about mobile hotspots and security, but that nearly half of them don’t feel like they have control over these devices. But how much control should they have? I think that is the issue that has to be addressed before BYOD security can truly be solved.