UK datacentres vulnerable to BYOD risks, shows Ponemon study

About 60% of UK businesses have no personal device policy in place and are putting critical data at risk once it leaves a company

A Ponemon Institute research into the bring your own device (BYOD) trend has found that about 60% of UK businesses have no personal device policy in place and are putting critical data at risk once it leaves a company, whether through BYOD or public cloud-based file-sharing.

By ignoring simple security steps and employee BYOD education, companies are jeopardising their confidential data, exposing it to theft, corruption, hackers, malware and more, the research report has warned.

The study, 2013 Data Protection Trends Research, found that 58% of the 570 UK IT chiefs surveyed admitted to not having a BYOD policy in place to manage employee-owned mobile devices, such as tablets and smartphones. 

A wide majority (80%) of organisations have not educated employees on BYOD privacy risks, while 31% of IT teams said employee-owned devices were not allowed, illustrating that organisations are still in denial when it comes to consumer IT trends.

Another 23% have opened up the company network to make exceptions for executives, who may be handling sensitive data. This puts businesses at an increasing risk of data loss and serious compliance issues, according to the research firm.

Your guide to BYOD policy

  • Embrace BYOD and manage the risks
  • Ten BYOD management best practices
  • BYOD security strategies: Balancing BYOD risks and rewards
  • BYOD - a bright idea with a tarnished lifecycle?
  • Guide to BYOD risks and benefits

Consumer IT needs better management

The report, commissioned by backup provider Acronis, revealed that currently, only 21% of the respondents mandated a device password or key lock on personal devices, and only 18% performed remote device wipes when employees leave the company. 

The study stated that employees commonly share corporate files through third-party cloud storage solutions such as DropBox, but as many as 69% of organisations do not have a policy in place around public cloud use and 80% have not trained their employees in the proper use of these platforms.

Experts have previously warned that BYOD and IT consumerisation are not just passing fads and that they are here to stay.

While 59% of UK organisations said they will support Apple’s Mac machines in the next year, more than half (61%) said compatibility and interoperability are still big obstacles to making Macs compliant with enterprise IT, which puts data stored and shared across the corporate network and on Apple devices at risk.

Data protection should be a priority

The study’s findings are in line with a previous YouGov report which revealed that many UK employers are failing to provide guidance on the usage of personal devices at work – potentially putting personal information at risk.

“Personal devices have permanently and positively changed the workplace, particularly in the way employees collaborate, work remotely and interact with company data,” said Rick Powles, managing director UK and Ireland at Acronis.

“BYOD is a huge opportunity for companies, but our research shows troubling signs of negligence in the face of these dangers. However, with policies and solutions that manage the flow of data between multiple devices and environments, companies can practice safe BYOD with confidence.”

To optimise BYOD and to avoid data loss and compliance issues, organisations should take immediate steps to ensure employees are trained in safe BYOD practices, that personal device and public cloud use are monitored and managed, and that effective data protection strategies are in place to prevent data loss, Powles advised. These are the critical steps to achieving safe BYOD.

The study was part of Ponemon Institute’s global survey of 4,374 IT practitioners which included more than 570 respondents from the UK, spanning from mid-sized to large enterprises.

It also showed that, despite many UK companies lacking in devising a BYOD strategy, the UK was ahead of the US in embracing BYOD and planning policies around employee device management. This finding echoed Citrix’s European chief’s remark that BYOD strategies are being adopted much faster in Europe than the US.

Read more on Datacentre disaster recovery and security