Sunday, November 18, 2012

BYOD : Visibility - Security - Data Protection – What does the market say?

My previous blog “I know BYOD but what is this BYOA or COPE? Being in IT should I worry about all these?” talked about the BYOD, BYOA & COPE and how it is changing the role of the CIO and how he needs to adapt else will finally lose control and un-necessitate the position itself to a larger extent.

In this blog, let me use statistics and survey results to show how real is the BYOD problem and why we need to address sooner than later the issue and end with what happens if you ignore the issues to you and your organization.

 Ø  There are very few people accessing the network using their personal devices

According to Blue Coat, nearly twice as many employees -- 71 % -- report accessing the network with their personal device than IT administrators believe are doing so. The IT administrator number is 37 %.

 Ø  BYOD security & visualization is more of an Enterprise issue and not for an SME

According to a survey carried out by B2B on behalf of software experts Kaspersky mainly targeting SMEs, claims that 33 per cent of firms are allowing their staff to access corporate resources from their smartphones. Furthermore, 23 per cent of firms admitted to having already lost company data through a misplaced or stolen personal phone.

David Emm, senior security researcher at Kaspersky Lab, said: "BYOD is a tricky subject for organizations. Whether they opt for BYOD or not, businesses should look to manage and secure the use of these devices."

The Faronics survey confirms it. It did a through survey of cyber threat and data breach experiences of small and medium-sized businesses (SMBs). U.K. respondents concerns were: 62% believe "proliferation of end-user devices" is a key issue, as well as "lack of security protection across all devices," (cited by 56%) and "unsecure third parties including cloud providers," (53 percent).

 Ø  BYOD is on decline and it is going down

The survey of 1,678 mobile workers at 1,100 worldwide enterprises was conducted between Sept. 27 and Oct. 19 by commercial Wi-Fi network provider iPass which conducts such a survey every quarter. The study revealed that the percentage of respondents using their own smartphones for work tasks has increased from 42% in the fall of 2011 to 46% in the fall of 2012. The company said that the percentage of phones provisioned by employers dropped from 58% to 33% over the same period.

For tablets, 59% of mobile workers said they expect to rely on tablets more in the coming year, and that iPad would remain the top preference of 54%.

Findings also indicate that the smartphone is "the center of the mobile workers' universe" because it ranks just behind wallets and keys as most important items in workers' lives.

 Ø  Should I worry only about iPads then?

Same iPass survey found that Apple's iPhone remains the most popular smartphone among workers, used by 53% of the mobile workforce, up from 45% in 2011. But Android phone use also increased to 34% of workers, up from 21%. Use of the Research in Motion BlackBerry smartphone decreased over the past year, from 32% of workers to 26%. Windows Phone-based devices were used by just 5% of mobile workers in the latest survey.

 Ø  With BYOD, security is the only issue I need to worry?

Yes organizations can now cut down lot of costs on procuring devices thanks to BYOD & BYOA but please don’t be very happy about the savings as most part of it will go to procure new BYOD visibility and security tools and that’s just not it. There is something called “bill shock” coming your way.

The iPass survey respondents ranked the cost of making a network connection as the least important factor when choosing a mobile network, which could create a "bill shock" for businesses without Bring Your Own Device (BYOD) cost-control policies. The rapid growth of BYOD is both increasing worker productivity and increasing corporate costs, noted Evan Kaplan, CEO of iPass. "This report shows [employees] are willing to connect with little regard for cost. This lack of cost sensitivity has the potential to dramatically impact corporate budgets."

This is where BYOD visualization becomes very critical and to know where the traffic is going.

 Ø  Ok I got that. But is BYOD security threat as big as made out to be?

According to the findings of a study sponsored by Webroot, which is based on a survey of endpoint and mobile-security decision makers in companies with 10 or more employees in the U.S., U.K. and Australia, found that more than half reported mobile threats, reduced employee productivity and disrupted business activities; 61% of survey respondents said they required additional IT resources to manage mobile security, resulting in higher costs.

The study also found an overwhelming 82% said they believe that mobile devices create a high security risk within the corporate environment. Results indicated that mobile security is a high priority for half the companies supporting BYOD, equating to increased help desk support and consumption of valuable IT resources. 45% reported lost or stolen devices in the past year and 24% experienced mobile malware infections, crippling productivity and potentially compromising company and customer data.

Blue Coat reported that 88 percent of employees think their mobile device is "somewhat or very secure from malware." Only about 22 percent of IT professionals, however, think the risk of malware spreading from employee devices to the corporate network is minimal or no risk.
Faronics, announced the results of its State of Cyber Security Readiness survey, which examines the cyber threat and data breach experiences of SMEs across US & UK. The respondents included executives from many levels of these organizations, ranging from the owner/partner to outside consultants, but were heavily weighted toward the director, manager, supervisor and technician levels.

The top three threats to their organizations listed by U.S. respondents included "proliferation of unstructured data," (69 percent), "unsecure third parties including cloud providers, (65 percent) and "not knowing where all sensitive data is located, (62 percent). U.K. respondents had a slightly different set of concerns: 62% believe "proliferation of end-user devices" is a key issue, as well as "lack of security protection across all devices," (cited by 56%) and "unsecure third parties including cloud providers," (53 percent).

 Ø  Are people implementing BYOD security in their organizations? Why or Why not?

From the same survey, While 46% of BYOD companies have implemented mobile security, only 40 percent of companies with fewer than 100 employees have mobile security. Despite having access to more IT resources, larger organizations--those with 500 or more employees--are at even higher risk.

According to the study, 67% had dealt with lost or stolen mobile devices and 32% had experienced mobile malware infections, creating widespread concern about the business impact of employee-owned devices within the enterprise. Overall, 67% agree that the management of mobile-device security is a great burden on IT resources.

 Ø  What issues are keeping organizations from making it completely BYOD secure?

"Although organizations have become more aware of potential threats, they do not seem to accurately perceive the repercussions associated with data breaches," said Dmitry Shesterin, vice president of product management at Faronics. "Findings indicate that organizations do not understand the full costs and damages they will suffer as a result of a data breach. These organizations need to become more proactive about their security programs in order to minimize the damage they will inevitably experience from one, if not more, data breach."

Faronics' survey found just 9% among U.S. respondents and 4% in the U.K. admit security is not taken seriously because their organization is not perceived as being vulnerable to attacks. 64% of U.S. respondents and 75% of U.K. respondents cited "insufficient people resources" as a primary barrier to achieving effective security. 62% of U.K. respondents consider "the complexity of compliance and regulatory requirements" as a key barrier. 55% listed "lack of in-house skilled or expert personnel". 50% of U.S. respondents noted "lack of central accountability" and 41% listed "lack of monitoring and enforcement of end users"

 Ø  So what should we do as far as access is concerned? Complete access or restricted access?

Most organizations haven't yet solved the "my phone, my rules" challenge, according to Blue Coat. IT may have higher, stricter expectations for security controls on personal devices, but employees are making them meet in the middle, which has resulted in the creation of flexible policies that implement security only when corporate assets are at risk.

Not surprisingly, far more IT staffers (37 percent) than employees (12 percent) want to allow restrictions on the type of sites or content that can be accessed, as part of a corporate policy.

 Ø  What is the impact of security breaches?

From the same Faronics survey, when queried about the impact of data breaches on their organizations, more than half of U.S. and U.K. respondents cited the loss of time and productivity most frequently. Both U.S. and U.K. respondents also listed damage to their organization's brand second most frequently. According to the findings among companies that experienced a data breach:

42% of U.S. respondents and 38% of U.K. respondents stated they "lost customers and business partners"
41% and 34% of U.S. and U.K. respondents, respectively experienced an increase in the "cost of new customer acquisition”
35% of U.S. respondents and 31% of U.K. respondents "suffered a loss of reputation"

Results seem to indicate that companies tend to seriously underestimate the potential damage to brand and reputation, revealing a great data breach perception gap. Misconceptions about the consequences associated with a data breach are preventing organizations from implementing the necessary financial tools, in house-expertise and technologies to achieve cyber readiness.

 Ø  What factors influenced IT buyers to buy BYOD visualization, security and related tools?

Survey findings uncover that IT managers made security and data protection investment decisions based on ease of deployment and ongoing operations as well as low purchase costs.
73% in the U.S. and 78% in the U.K., seek products and solutions that enable easy deployment. U.K. teams further indicated the importance of minimal maintenance effort with 62% of respondents listing the "ease of ongoing operations" as a key factor influencing security investments, followed by 58% seeking "low purchase cost" and 52% seeking low total cost ownership (TCO). U.S. teams indicated a greater concern with costs, as 65% of respondents listed "low purchase cost" as a primary influencer over the 60% who listed "ease of ongoing operations" and 30% listed "low TCO."

 Ø  What tools are they using today?

65% and 75%, respectively of U.S. and U.K. respondents employ firewalls and other perimeter security technologies. 36% of U.S. and 53% of U.K. respondents turn to blacklisting and/or whitelisting tools to identify content with vulnerabilities. A significant plurality of IT teams relies on enforcing strict data policies, cited by 33% of U.S. and 45% of U.K. respondents.

I hope these surveys reveal important things that are happening in the BYOD market today. How is it trending and what does Gartner say, will try to cover in the comings blogs!! Any questions or concerns or trends regarding BYOD visibility or security, drop me an email and will be happy to answer.

Manjunath M Gowda
ceo, i7 Networks
“Got BYOD? Get control”

manju.m (@) i7networks (.) in

No comments:

Post a Comment