No sooner had I posted BYOD–The Hottest Trend or Just the Hottest Term, last week than yet another BYOD survey hit the news. The full results will be released in a webinar tomorrow but SANS announced their First Annual Survey Results on Mobility Security. Last December, SANS launched its first ever mobility survey to discover if and how organizations are managing risk around their end user mobile devices. The survey of 500 IT pros found that a meager 9% of organizations felt they were fully aware of the devices accessing corporate resources, while 50% felt only vaguely or fairly aware of the mobile devices accessing their resources. In addition, more than 60 % of organizations allow staff to bring their own devices. With so many companies allowing BYOD, controls and policies are very important to securing business environments.
Courtesy: SANS Mobility BYOD Security Survey
Deb Radcliff, executive editor, SANS Analyst Program said, ‘Another interesting note is that organizations are reaching for everything at their disposal to manage this risk,…Among them are user education, MDM (mobile device management), logging and monitoring, NAC and guest networking, and configuration controls.’ Less than 20% are using end point security tools, and out of those, more are using agent-based tools rather than agent-less. According to the survey, 17% say they have stand-alone BYOD security and usage policies; 24% say they have BYOD policies added to their existing policies; 26% say they "sort of" have policies; 3% don't know; and 31% say they do not have any BYOD policies. Over 50% say employee education is one way they secure the devices, and 73% include user education with other security policies.
The BYOD challenges, I think, falls under an age old dilemma: Freedom vs. Control. We see this clash in world politics, we’ve seen it pertaining to the internet itself, we may even experience it at home with our offspring. The freedom to select, use, work and play with the desired mobile device of our choosing bumping up against a company’s mandate to protect and secure access to sensitive corporate information. There can be tension between a free and open culture verses the benefits of control and information management. Sometimes people equate freedom with having control over things yet when it comes to controlling others, many of us feel slightly uncomfortable on either end of the leash. Sometimes oversight is necessary if someone does not have self-control. BYOD is a revolution, a drastic change in how organizations manage devices and manage access to information. If you look at revolutions through the years, often it’s about freedom vs. control. I’m certainly not suggesting an employee coup of the executive floor but remember there are two distinct and diverse powers at play here and successful BYOD deployments need to involve both people and technology.