BYOD mobile data security policy? Not just now thanks
Absolute Software Corporation has announced what it labels as “independent research” suggesting that as many as a third of UK businesses have no formal or enforceable policy or process in place to manage the use of mobile devices in the workplace.
Independent, but on contract
Independent specialist technology market research company Vanson Bourne conducted the survey, on what appears to be a paid contract “on behalf of” Absolute. The firm’s interest in commissioning such a survey no doubt rests on the fact that it directly labels itself as a provider of firmware-embedded endpoint security and management solutions.
The research surveyed 1,200 IT decision makers from a variety of vertical sectors across the UK, France, Germany and the United States. The research investigated trends in mobile device management, security and device preferences in the workplace.
“IT has been staring down the barrel of mobility and all the security issues it entails for the last couple of years. It’s seriously worrying to find so many companies taking no action to properly secure and manage their mobile devices. Given the significant financial and commercial risks surrounding data loss it’s surprising to see that companies are still not prioritising security,” said John Livingston, chairman and CEO at Absolute Software.
Livingston goes on to say that as different devices make their way into the enterprise (and employees expect greater access to business applications and data from the field), IT is facing an increasingly difficult challenge to manage and support a deployment across a multitude of operating systems and form factors.
It’s BYOD vs IT
Key findings around BYOD, data security and network access:
- 7% of UK companies & 18% of US companies rely on ‘bring your own device’ policies to deploy mobile devices
- 38% of UK companies & 42% of US companies offer a hybrid model – providing company owned devices alongside BYOD
- Over three quarters (78%) of companies do not rely on IT to dictate device and platform
- Two thirds (67%) of companies use remote lock and wipe to prevent data loss
- One in ten (11%) companies do not have any method for securing data on mobile devices at all
- Almost four in ten (38%) companies allow all devices access with a password
- 7% don’t restrict access at all
When it came to provisioning mobile devices, seven per cent of UK companies rely on employees bringing their own device (BYOD), which creates an extremely diverse environment that IT is expected to manage and secure. In the US that figure rose to almost one in five companies (18 per cent) using BYOD alone. Both French (15 per cent) and German (16 per cent) companies more frequently allowed employees to use personal devices than UK organisations.
Corporate-owned, personally enabled (COPE)
According to Absolute, “In the UK, the majority (38 per cent) offer a hybrid model, allowing employees to use their own devices as well as providing employees with company-owned devices of their choosing. In the US the majority (42 per cent) of companies surveyed also deployed this tactic. Both France and Germany favoured corporate-owned, personally enabled (COPE) strategies for mobile devices, allowing employees to choose a mobile device that would be bought, owned and managed by the company but used personally as well as for work.”
The UK, France and Germany were the most restrictive when it came to mobile device management with almost three in 10 companies reporting that they would neither allow choice nor use of personal devices and that IT dictated what device and platform employees could use. In the US this figure dropped to only 15 per cent of companies taking this dictatorial approach, led by IT.
Securing corporate data
Securing corporate data on mobile devices was a key concern for many companies. The most common method of securing corporate data on a smartphone or tablet is for employees to agree that IT may perform a remote lock and wipe if the device is lost or stolen – this accounts for two thirds (68 per cent) of UK companies.
However, almost a fifth of UK companies reported that they did nothing to secure any data on mobile devices. Conversely, the US was the most secure with only eight per cent reporting that they took no action to secure data on mobile devices.
“The rapid pace of the consumer technology market has left the enterprise in the dust when it comes to providing its employees with cutting edge devices. For many, work has become the place where they are forced to use devices older and slower than their own, something that many employees seek to circumvent by simply accessing work-related data through their own unmanaged, often insecure devices. This inevitably leads to security issues as data spreads across rogue devices,” commented Livingston.
Whilst many enterprises are looking to satisfy workers by letting them choose devices, or bring their own, a large number are struggling to marry security with the increased freedom and mobility that employees are demanding. Despite mobility and BYOD being buzzwords of the last year or so, there appears to be no agreed approach on how to manage this trend; in some cases businesses are even choosing to ignore the issue when faced with this dilemma.
Despite the rapid maturity of mobility trends, the approach to managing and securing mobile devices in the workplace is startlingly immature. Absolute suggests that this immaturity is a real danger zone for businesses, particularly as EU legislators look at re-writing the rule books when it comes to data regulation.
With respect to “Securing corporate data on mobile devices was a key concern for many companies. The most common method of securing corporate data on a smartphone or tablet is for employees to agree that IT may perform a remote lock and wipe if the device is lost or stolen – this accounts for two thirds (68 per cent) of UK companies.”
I think this is a sad fact. Even sadder if this is how UK companies are trying to secure data in BYOD devices.
The end user impact is significant. Wipe the device = wipe personal data. Fine if I’m okay with that, but what if I’m not? Remote lock my device on a Saturday because my son enters the pin code wrong 5 times while I’m out the back? How annoying.
And, these actions do little to secure business data. There are many, many ways to circumvent pin code device security. Just google it. And how do you wipe my device remotely if I’ve stolen the phone, removed the SIM card, and don’t connect to any wifi network? Sure you might have a time bomb but to be usable it would have to be a week at least. That’s a week that I can google how to circumvent your device pass code and access all of your business data.
Why can’t I find user reviews of the Good App?
My company wants me to install it on my personal phone. What are the drawbacks and risks to my privacy by installing this application?