
IT and Employees See BYOD Security (Much) Differently

In its November 2012 Blue Coat Mobility Study, Blue Coat surveyed 350 respondents and found that most organizations allow employees to access company email (83 percent) and instant messaging (56 percent) on personal devices, but only a fraction open up ERP (31 percent), sales force automation (24 percent) and supply chain management (19 percent) applications to mobile devices that aren't corporate-owned.

"Organizations are trying to figure out how to safely deploy apps beyond email, but right now it's mostly just email," says Timothy Chiu, director of product marketing at Blue Coat.

IT Doesn't Recognize How Pervasive BYOD Is

Organizations are clearly uncertain about mobile malware and employee acceptance of the IT organization placing security controls on employees' personally owned devices, Chiu says, but that also means those organizations are not fully realizing the business productivity potential of mobility. Those IT organizations also don't fully recognize how pervasive BYOD has become among company employees, he says.

Blue Coat found that, on average, IT staffers believe that 37 percent of employees access corporate resources from their own devices. But 71 percent of employees report they do so. Employees are also much more cavalier about the security risks associated with their devices. Blue Coat found that 88 percent of employees believe their device is very or somewhat secure. Meanwhile, a whopping 77 percent of IT managers see the risk of malware spreading to the corporate network from mobile devices as moderate to very high.

Mobile Malware a Minor Threat, But Phishing Isn't

Chiu concedes that while malware is a growing threat in the mobile sphere (particularly with Android devices), mobile malware is still a relatively minor threat. However, mobile devices often make their users more vulnerable to phishing attacks.

"Phishing on a mobile device is almost impossible to pick up," he says. "Mobile phones are much worse than desktops at protecting you from phishing."

For instance, in a normal browser an observant user can spot a fraudulent link when hovering the mouse over a URL. But with a mobile device you typically have to actually touch a link before the mobile browser displays the URL. In addition, mobile browsers tend to autohide the address bar when you go to a site so as to maximize screen real estate. If you've been lured to a fake banking page, it's unlikely you'll spot the phony URL if you're on a mobile device.

Employees Have Little Tolerance for Mobile Security Controls

Regardless of the risks and the fact that employees want access to corporate resources from their mobile devices, the survey found that employees have relatively little tolerance for IT placing security controls on their personal devices. Blue Coat found that only 24 percent of employees would be willing to let IT log their corporate data access from personal mobile devices, only 19 percent would be willing to let IT log any web content they access with their personal mobile devices on a corporate network and only 12 percent would allow restrictions on the types of sites or content that can be accessed with their personal mobile devices on a corporate network.

However, Chiu notes that many IT organizations are already doing these things without employees recognizing it.

"People who are accessing these corporate networks are being logged and they don't realize it," he says. "And the regulations have come down pretty clear on this: The corporate network is a corporate-owned resource and companies are allowed to log what they want."

"Employees just don't realize how much control's already put on them already," Chiu adds. "They don't realize until they get a block or aren't able to get to a specific site."

Blue Coat says 41 percent of IT organizations log corporate data access from mobile devices, 37 percent restrict the types of sites or content that can be accessed from mobile devices on their network and 34 percent log any web content accessed from mobile devices on their network.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Thor at tolavsrud@cio.com
