My previous blog “I know BYOD but what is this BYOA or COPE?
Being in IT should I worry about all these?” talked about the BYOD,
BYOA & COPE and how it is changing the role of the CIO and how he needs to
adapt else will finally lose control and un-necessitate the position itself to
a larger extent.
In this blog, let me use statistics and
survey results to show how real is the BYOD problem and why we need to address
sooner than later the issue and end with what happens if you ignore the issues
to you and your organization.
There are very few people accessing the
network using their personal devices
According to Blue Coat, nearly twice as many
employees -- 71 % -- report accessing the network with their personal device
than IT administrators believe are doing so. The IT administrator number is 37
security & visualization is more of an Enterprise issue and not for an SME
According to a survey
carried out by B2B on behalf of software experts Kaspersky mainly targeting
SMEs, claims that 33 per cent of firms are allowing their staff to access
corporate resources from their smartphones. Furthermore,
23 per cent of firms admitted to having already lost company data through a
misplaced or stolen personal phone.
David Emm, senior security
researcher at Kaspersky Lab, said: "BYOD is a tricky subject for
organizations. Whether they opt for BYOD or not, businesses should look to
manage and secure the use of these devices."
The Faronics survey confirms
it. It did a through survey of cyber
threat and data breach experiences of small and medium-sized businesses (SMBs).
U.K. respondents concerns were: 62% believe "proliferation of end-user
devices" is a key issue, as well as "lack of security protection
across all devices," (cited by 56%) and "unsecure third parties
including cloud providers," (53 percent).
Ø BYOD is on
decline and it is going down
The survey of 1,678 mobile workers at 1,100
worldwide enterprises was conducted between Sept. 27 and Oct. 19 by commercial
Wi-Fi network provider iPass which conducts such a survey every quarter. The
study revealed that the percentage of respondents using their own smartphones
for work tasks has increased from 42% in the fall of 2011 to 46% in the fall of
2012. The company said that the percentage of phones provisioned by employers
dropped from 58% to 33% over the same period.
For tablets, 59% of mobile workers said they
expect to rely on tablets more in the coming year, and that iPad would remain
the top preference of 54%.
Findings also indicate that the smartphone is "the
center of the mobile workers' universe" because it ranks just behind
wallets and keys as most important items in workers' lives.
Ø Should I
worry only about iPads then?
Same iPass survey found that Apple's iPhone
remains the most popular smartphone among workers, used by 53% of the mobile
workforce, up from 45% in 2011. But Android phone use also increased to 34% of
workers, up from 21%. Use of the Research in Motion BlackBerry smartphone
decreased over the past year, from 32% of workers to 26%. Windows Phone-based
devices were used by just 5% of mobile workers in the latest survey.
Ø With BYOD,
security is the only issue I need to worry?
Yes organizations can now cut down lot of
costs on procuring devices thanks to BYOD & BYOA but please don’t be very
happy about the savings as most part of it will go to procure new BYOD
visibility and security tools and that’s just not it. There is something called
“bill shock” coming your way.
The iPass survey respondents ranked the cost
of making a network connection as the least important factor when choosing a
mobile network, which could create a "bill shock" for businesses
without Bring Your Own Device (BYOD) cost-control policies. The rapid growth of is both
increasing worker productivity and increasing corporate costs, noted Evan
Kaplan, CEO of iPass. "This report shows [employees] are willing to
connect with little regard for cost. This lack of cost sensitivity has the
potential to dramatically impact corporate budgets."
This is where BYOD visualization becomes very
critical and to know where the traffic is going.
Ø Ok I got
that. But is BYOD security threat as big as made out to be?
According to the findings of a study
sponsored by Webroot, which is based on a survey of endpoint and
mobile-security decision makers in companies with 10 or more employees in the
U.S., U.K. and Australia, found that more than half reported mobile threats,
reduced employee productivity and disrupted business activities; 61% of survey
respondents said they required additional IT resources to manage mobile
security, resulting in higher costs.
The study also found an overwhelming 82% said
they believe that mobile devices create a high security risk within the
corporate environment. Results indicated that mobile security is a high
priority for half the companies supporting BYOD, equating to increased help
desk support and consumption of valuable IT resources. 45% reported lost or
stolen devices in the past year and 24% experienced mobile malware infections,
crippling productivity and potentially compromising company and customer data.
Blue Coat reported that 88 percent of
employees think their mobile device is "somewhat or very secure from
malware." Only about 22 percent of IT professionals, however, think the
risk of malware spreading from employee devices to the corporate network is
minimal or no risk.
Faronics, announced the results of its State of Cyber Security
Readiness survey, which examines the cyber threat and data breach experiences
of SMEs across US & UK. The respondents included executives from many
levels of these organizations, ranging from the owner/partner to outside
consultants, but were heavily weighted toward the director, manager, supervisor
and technician levels.
The top three threats to their organizations listed by
U.S. respondents included "proliferation of unstructured data," (69
percent), "unsecure third parties including cloud providers, (65 percent)
and "not knowing where all sensitive data is located, (62 percent). U.K.
respondents had a slightly different set of concerns: 62% believe
"proliferation of end-user devices" is a key issue, as well as
"lack of security protection across all devices," (cited by 56%) and
"unsecure third parties including cloud providers," (53 percent).
Ø Are people
implementing BYOD security in their organizations? Why or Why not?
the same survey, While 46% of BYOD companies have implemented mobile security,
only 40 percent of companies with fewer than 100 employees have mobile security.
Despite having access to more IT resources, larger organizations--those with
500 or more employees--are at even higher risk.
to the study, 67% had dealt with lost or stolen mobile devices and 32% had
experienced mobile malware infections, creating widespread concern about the
business impact of employee-owned devices within the enterprise. Overall, 67%
agree that the management of mobile-device security is a great burden on IT
Ø What issues
are keeping organizations from making it completely BYOD secure?
"Although organizations have become more aware of
potential threats, they do not seem to accurately perceive the repercussions
associated with data breaches," said Dmitry Shesterin, vice president of
product management at Faronics. "Findings indicate that organizations do
not understand the full costs and damages they will suffer as a result of a
data breach. These organizations need to become more proactive about their
security programs in order to minimize the damage they will inevitably
experience from one, if not more, data breach."
Faronics' survey found just 9% among U.S. respondents and
4% in the U.K. admit security is not taken seriously because their organization
is not perceived as being vulnerable to attacks. 64% of U.S. respondents and
75% of U.K. respondents cited "insufficient people resources" as a
primary barrier to achieving effective security. 62% of U.K. respondents
consider "the complexity of compliance and regulatory requirements"
as a key barrier. 55% listed "lack of in-house skilled or expert
personnel". 50% of U.S. respondents noted "lack of central
accountability" and 41% listed "lack of monitoring and enforcement of
Ø So what
should we do as far as access is concerned? Complete access or restricted
Most organizations haven't yet solved the
"my phone, my rules" challenge, according to Blue Coat. IT may have
higher, stricter expectations for security controls on personal devices, but
employees are making them meet in the middle, which has resulted in the
creation of flexible policies that implement security only when corporate
assets are at risk.
Not surprisingly, far more IT staffers (37
percent) than employees (12 percent) want to allow restrictions on the type of
sites or content that can be accessed, as part of a corporate policy.
Ø What is the
impact of security breaches?
From the same Faronics survey, when queried about the
impact of data breaches on their organizations, more than half of U.S. and U.K.
respondents cited the loss of time and productivity most frequently. Both U.S.
and U.K. respondents also listed damage to their organization's brand second
most frequently. According to the findings among companies that experienced a
42% of U.S. respondents and 38% of U.K. respondents
stated they "lost customers and business partners"
41% and 34% of U.S. and U.K. respondents, respectively
experienced an increase in the "cost of new customer acquisition”
35% of U.S. respondents and 31% of U.K. respondents
"suffered a loss of reputation"
Results seem to indicate that companies tend to seriously
underestimate the potential damage to brand and reputation, revealing a great
data breach perception gap. Misconceptions about the consequences associated
with a data breach are preventing organizations from implementing the necessary
financial tools, in house-expertise and technologies to achieve cyber
Ø What factors influenced
IT buyers to buy BYOD visualization, security and related tools?
Survey findings uncover that IT managers made security
and data protection investment decisions based on ease of deployment and
ongoing operations as well as low purchase costs.
73% in the U.S. and 78% in the U.K., seek products and
solutions that enable easy deployment. U.K. teams further indicated the
importance of minimal maintenance effort with 62% of respondents listing the
"ease of ongoing operations" as a key factor influencing security
investments, followed by 58% seeking "low purchase cost" and 52%
seeking low total cost ownership (TCO). U.S. teams indicated a greater concern
with costs, as 65% of respondents listed "low purchase cost" as a
primary influencer over the 60% who listed "ease of ongoing
operations" and 30% listed "low TCO."
What tools are they using today?
65% and 75%, respectively of U.S. and U.K. respondents
employ firewalls and other perimeter security technologies. 36% of U.S. and 53%
of U.K. respondents turn to blacklisting and/or whitelisting tools to identify
content with vulnerabilities. A significant plurality of IT teams relies on
enforcing strict data policies, cited by 33% of U.S. and 45% of U.K.
I hope these surveys reveal important things that are
happening in the BYOD market today. How is it trending and what does Gartner
say, will try to cover in the comings blogs!! Any questions or concerns or
trends regarding BYOD visibility or security, drop me an email and will be
happy to answer.
Manjunath M Gowda
ceo, i7 Networks
“Got BYOD? Get control”
manju.m (@) i7networks (.) in