Organisations are struggling to solve the security problems created by personal devices accessing corporate data, a study has revealed.
Only 32% of organisations polled have conducted security audits of the systems being accessed by employee-owned devices, according to Dimension Data's Secure Enterprise Mobility Report.
But in the UK, the figure was 2% lower than the global average. Some 35% of UK organisations do not have a mobility roadmap, compared with 31% globally; only 18% of UK organisations have well-defined policies around mobility (27% globally), and only 40% of UK employees are unable to access business applications using personal devices (61% globally).
The report said an alarming 90% of all survey participants said they do not have the capability to stop employees using their personal mobile devices to access enterprise systems.
This suggests that IT leaders are struggling to solve the security problems stemming from supporting BYOD (bring your own device) and enterprise mobility amid an explosion of personal devices and applications accessing the network, the report said.
Dimension Data surveyed more than 1,600 IT and security professionals in organisations with more than 250 employees in 22 countries across Asia, Europe, Middle East & Africa, and the Americas.
More on BYOD
According to Matthew Gyde, Dimension Data’s group general manager for security solutions, the lack of visibility into what is sitting on the corporate network raises major data security risks for organisations.
He said unknowns significantly increase the opportunity for intrusion, and only when organisations know what mobile devices are on their networks and what applications they are accessing, will they be able to identify rogue devices and track new applications coming into their enterprise.
The study found that where IT departments are able to exert control to protect corporate data, while managing the introduction of personal devices, many fail to do so.
More than 70% of survey respondents said that their business leaders view employee use of personal mobile devices as potentially dangerous, costly and not business critical.
“From a security perspective, this negative view of BYOD is understandable, considering the extent and depth of the risk has not adequately been measured against business policy,” said Gyde.
“That’s because many organisations have yet to evaluate the impact of mobility beyond the device itself,” he said.
According to Tim Boyd, security solutions specialist at Dimension Data, having rogue, inadequately protected, and unknown devices on the network is just one element of the risk landscape.
“In addition to information security risk, server and application infrastructures are also under greater pressure as users, data and devices traverse the network,” he said.
Failure to consider the entire enterprise mobility landscape has led to an assumption of risk that is often grossly miscalculated, leaving organisations exposed to financial and reputational threats, said Gyde.
“Security experts should be involved in the development of an organisation’s mobility strategy, a key part of which is an audit of applications accessed by mobile devices,” he said.
Boyd said that with the correct policy and measures, it is possible to support BYOD and enterprise mobility without compromising security.