February 04, 2014
Bring-your-own device smartphones and tablets are being brought in en-masse by employees, but this is leading to dire consequences for the enterprise IT department, according to a new study.
In its latest quarterly report on “The State of Enterprise Mobile Securityâ€, Forrester reports that 70 percent of enterprises across Europe and North America expect to provide more mobile support to their staff over the next 12 months as a high or critical priority.
Despite these plans however, it appears workers are taking mobile matters into their own hands and making BYOD decisions without first consulting their technology managers.
The study revealed that more than 46 percent of tablet and 32 percent of smartphone users have purchased at least one off-the-shelf application for work, with 60 percent and 55 percent respectively selecting their own device to use for work purposes. Furthermore, 15 percent of employees profess to having accessed sensitive data - such as customer information and non-public financial data - but not from work-sanctioned devices.
In announcing the news, analyst Chris Sherman said that users are thinking solely about what device makes them most productive and less about the security implications.
"Workers are choosing and will continue to choose those devices and solutions which make them the most productive," wrote Sherman in the report.
And despite this coming shortly after another recent report, this time from Juniper Research, which indicated that a third of all personal mobile devices will be in enterprises by 2018, there are signs that businesses are moving away from the BYOD trend and back towards corporately-deployed devices - a possible recipe for technology disaster and confusion.
Indeed, Forrester's study - carried out in Canada, France, Germany, the UK and US - shows that 74 percent of firms have either purchased or plan to purchase smartphones for employees, with this figure at 65 percent for tablets. Another third (33 percent) are planning to spend on enterprise app stores, and 49 percent intend to increase spending on mobile apps and middleware by at least five percent in the coming year.
"These consumer trends are putting enormous pressure on security professionals to determine how far to open the company "gates" to personal devices," wrote Sherman. "Security professionals have to face this reality head-on and come up with a plan to embrace worker productivity through BYOD."Â
Former CISO Phil Cracknell, now head of security and privacy services at Company 85, is an outspoken critic of the BYOD trend and says that many issues have not been resolved.
“BYOD is putting pressure on IT right now. Many of the elements which reflect a total cost of ownership of BYOD are not being fully recognised when business is considering and implementing or at least planning to implement,†he told SCMagazineUK.com.
“HR/Legal issues, responsibility for a replacement device in the event of theft or malfunction - who would that lie with? The individual or the company? What would that person do if they couldn't afford a replacement right away?â€
Ovum analyst Richard Absalom, who focuses predominantly on enterprise mobility, concurred with Forrester's findings and added that BYOD may not be the correct path for all companies.
“Those figures look like they add up compared to our own data, and I'd agree that we see some businesses going back to a corporate deployed model - although depending on how that's done they aren't necessarily turning their back on BYOD.
“BYOD isn't always the right way to go, as organisations in highly regulated industries in particular may have very legitimate security and privacy concerns around it. But they do need to do something about it as it will simply go unmanaged and cause even more problems if they don't.
“It's important therefore for a mobility strategy to understand and address the drivers of BYOD, such as employees wanting to use a single device rather than carry two phones around with them, one for personal and one for work usage. Having a CYOD (choose your own device) or a COPE (corporate owned, personally enabled) policy would still mean corporate deployment but may go down just as well as BYOD with employees.â€
Forrester and Ovum aren't the only researchers to doubt the BYOD trend - Gartner recently said that a fifth of all enterprise BYOD projects will have failed by 2016, and this led Paul Steiner, MD EMEA for cloud storage provider Accellion, to say that businesses are waking up to the trend.
“The BYOD trend has changed the way that companies need to invest in security. Managing a device that is not owned by the corporation is a waste of money,†he said in a statement emailed to SCMagazineUK.com.
“Security mustn't be cast aside by enterprises in their quest for an improved user experience."