Skip Links

BYOD runs wild at most global companies

More than three quarters in survey said their organizations had not trained employees to understand the privacy risks of BYOD

By John P. Mello, Jr., CSO
July 18, 2013 08:30 AM ET

CSO - More and more workers around the world are bringing their personal mobile devices to the office daily, and companies appear to be having trouble keeping up with the trend.

[ALSO: BYOD decision points and who pays?]

About 60 percent of organizations acknowledged they either don't have a policy that specifies how employees may use their own devices in the workplace (41 percent) or are just planning to write such a policy, a study released on Wednesday from Acronis and the Ponemon Institute has found.

"Even though we're still in the early stages of BYOD [Bring Your Own Device], companies are playing catch-up to where their users are," Anders Lofgren, director of Mobility Solutions for Acronis, told CSOonline.

Even as recently as three years ago, IT departments had an iron grip on the endpoints to their networks. "They could secure and provision a fixed device that was procured by the enterprise," said Ben Gibson, chief marketing officer for Aruba Networks.

Now IT has to deal with many devices being brought to work by employees. "Enterprises and IT organizations are in the process of catching up with this trend," Gibson said.

Slow adoption of BYOD policies by companies could be a sign of denial, said Steve Martino, vice president of information security and acting CISO of Cisco. "If a company doesn't have a BYOD policy, it's because they're trying to pretend this isn't happening in their organization," he said  in an interview. "They think that if they don't have a policy, BYOD isn't happening in their organization."

Of the companies with BYOD policies, almost three quarters of them imposed highly restrictive policies on their workers by either requiring personal devices to be approved by the company before being allowed to access the firm's networks (43 percent) or banning personal devices from company nets (31 percent).

Those numbers could be misleading because there are industries where launching BYOD programs is severely limited, such as banking, pharmaceuticals, health care and defense. "But those barriers are breaking down," Acronis's  Lofgren said.

[Joan Goodchild in Leading Edge: Should security be responsible for BYOD policy?]

While it may be necessary to restrict BYOD in some industries dealing with highly sensitive data, it isn't necessary for most rank-and-file office workers, said Cisco's Martino.

"For the basic white collar productivity worker, companies can see real benefits from a BYOD program," Martino said. "By forbidding BYOD, you encourage people to work around the policy."

"Then, because you have controls that say you can't use it, you think you're protecting your data," he said. "When actually you're limiting your effectiveness to identify and control security incidents when they happen."

"Forbidding BYOD is more trouble than having a controlled policy to adopt it," Martino said.

Cross-country attitudes could also be affecting a company's ability launch full bore BYOD programs. "Some countries have strict cultural policies about whether you can bring a personal device to work or not," Aruba's Gibson said.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News