IT organizations have their hands full trying to secure the multitude of mobile devices out there. I recently blogged about applying layered protection
to an enterprise network perimeter that has been redefined by employees carrying those devices. When users are on the move, so is corporate data.
This is all complicated enough, but it turns out there’s yet another layer. I recently read an article from MSPmentorthat reveals some interesting survey findings from users. It turns out employees prefer to access the corporate network covertly because they’re worried about compromising their personal data.
Aruba Networks Inc. conducted the survey, which included more than 3,000 global users. Interestingly, more Americans—about 66 percent—fear personal data loss more than users in other regions. As a result, they keep those devices tucked neatly away from IT. And it gets even worse. Of the American respondents:
36 percent would not report leaked data immediately.
17 percent would not report a compromised device.
45 percent are worried that IT has access to their personal data.
It’s a security catch-22
I commented on the article as soon as I read it, but it bears repeating: The irony of this data is scary. The only way IT can secure personal devices is to have them officially registered. Yet employees don’t want to register the devices because they’re worried about the security of their personal data.
The really frightening thing is that it’s the business and its leaders who will pay the consequences when issues arise. Both IT and executives have a responsibility to open up the lines of communication with users to quell these concerns. A big part of that process is delivering a well-governed and transparent Bring Your Own Device (BYOD) policy, providing secure BYO solutions, and taking a user-centered approach to IT along the way.
It all comes down to data governance and ownership and respecting the protection of both corporate and personal information across all devices. Opening lines of communication with employees is critical because if BYOD turns into DIY, all bets are off.
What are your thoughts on this topic? What best practices have you seen? And what have you seen that does not work so well?