Most Orgs Enabling BYOD Lack Security Controls
A new report looked at the number of companies that allow users to access corporate data on personal devices and found that most organizations enabling BYOD lack proper security controls, according to Bitglass.
With the advent of the cloud, more employees are taking advantage of being able to work from anywhere at anytime on any device, including non-company issued devices. The Bitglass 2018 BYOD report found that 85% of enterprises now allow data access from personal devices for employees, partners, customers, contractors and even suppliers. As a result, more than half (51%) of participating firms report a rise in mobile security threats this year. Based on a survey of nearly 400 enterprise IT professionals, the study also found that 43% of organizations are not able to determine whether the personal devices that are accessing corporate data have actually downloaded malware.
In addition, only 56% of companies use the basic protections of remote wipe and mobile device management tools, though these tools do lead the pack in adoption of companies employing BYOD, according to the report. Only 30% of firms are confident that they are properly defending against malware on personal and mobile devices.
“BYOD increases employee mobility, and consequently, organizational flexibility, efficiency and collaboration,” the report said. Though the main drivers for enabling BYOD are employee mobility (74%), employee satisfaction (54%) and reduction in cost (49%), only 19% of organizations reported enabling BYOD because it reduces security risks. As little as 15% of organizations reported that they do not enable BYOD for any users.
“While most companies believe mobile devices are being targeted more than ever, our findings indicate that many still lack the basic tools needed to secure data in BYOD environments,” said Rich Campagna, CMO of Bitglass, in a press release. “Enterprises should feel empowered to take advantage of BYOD’s myriad benefits, but must employ comprehensive, real-time security if they want to do so safely and successfully.”
Source: Information Security Magazine