25pc of firms don’t have policies for ‘consumerised’ workplace

17 Nov 2011

Because most workers are cottoning onto the fact that the technology they have at home is often better than the jaded machines they have at work, many firms are encouraging Bring Your Own Device (BYOD) schemes, but are overlooking one vital detail – security.

A report by SecureData, My dog ate my iPad – Security Risks of the Consumerised Workplace, reveals that flexible working is a huge trend across a number of industries, with 98pc being allowed to work from home at least once a month.

While a large proportion of employees use their own personal mobile devices, such as smartphones or tablets, to work remotely or while on the move (69pc), a large proportion (25pc) of businesses doesn’t have a policy in place for employees to work remotely via their own personal mobile devices.

SecureData commissioned a Vanson Bourne Omnibus survey of 100 IT managers in large UK enterprises (more than 1,000 employees) across the financial services, manufacturing, retail, distribution/transport and commercial sectors.

It found that 69pc of those surveyed use smartphones and tablet devices not supplied by the company to work remotely at home or while on the move (44pc smartphones and 25pc tablet devices) leading to potential vulnerabilities as unregulated mobile devices are connected securely with the office network.

A significant 100pc of employees in the financial services sector are allowed to work from home at least once a month, highlighting that businesses are willing to let employees work in their own environment even with businesses handling a greater volume of sensitive information.

The survey revealed that 25pc of organisations do not have a policy in place for employees to work remotely via their own personal mobile devices (such as a smartphone or a tablet device) and don’t think it is a priority at the moment, leaving them open to security breaches, including the loss of highly sensitive company data. Some 37pc of respondents allow their children to use their work device eg, laptop, smartphone and tablet device.

Ostrich approach to BYOD strategies

“The study findings present a huge opportunity for businesses,” said Etienne Greeff, professional services director for SecureData Europe.

“Employees already have the latest smartphones or tablets, which many are using to access their work information anyway. Schemes such as BYOD are ideal; cost savings with company-owned equipment can be made and they satisfy employees’ desire for flexibility.

“However, businesses need to appreciate that the ostrich approach to security is counterproductive, by not providing the appropriate policy and framework for people to use personal devices. Having a managed policy in place will enable rich mobile working, ensure compliance and the safety of business data and allow employees to work at work as they work at home.”

Roy Illsley, principal analyst at Ovum, commented: “The major challenge to wider use of BYOD (bring your own device) is undoubtedly security, and how the flow of data to these devices can be managed.

“The movement that is taking place in business, away from central command and control, is difficult for many in IT to see, let alone accept. But the reality of the consumer cross-over is that these aspects of policy, procedure and management must be addressed in a secure and risk-controlled manner.

“One approach being considered by many organisations is to draft HR rules that allow personal devices to be used for corporate activity, but in return for providing a support service that backs up the device, the company has the right to wipe all data should the employee leave the organisation,” Illsley said.

John Kennedy