The newest company phenomenon giving IT pros nightmares – BYOD

You might not be all that familiar with the acronym BYOD, but it is one that is increasingly giving corporate IT and security specialists nightmares as they attempt to do their jobs managing and securing corporate network infrastructures.

The acronym stands for Bring Your Own Device, which for the layman means being able to use your own laptop, smartphone, or tablet within the corporate world instead of being issued one. On one hand this is a good thing for companies, as it generally translates into lower IT spending, but on the other hand it creates nothing but headaches for the people charged with maintaining and securing the corporate infrastructure that those devices are expected to connect to.

Prior to the whole BYOD wave, IT departments could dictate what type of device you got and what you could run on it. Now that control is gone, while the potential danger to the corporate infrastructure has increased, both due to the natural progression of attack technology and because of the variety of ‘uncontrollable’ devices that BYOD brings to the game.

In order to get some sort of handle on this, ESET Security teamed up with Harris Interactive to conduct a survey and see what was happening out there when it comes to the whole BYOD movement.

One of their first findings, which might surprise some folks, is that more than 80 percent of employed adults use some sort of personally-owned device for work-related functions. So it would seem that rather than BYOD being something that is coming to the workplace, it is something that has in fact already arrived, and in a big way.

When it comes to what types of devices are being used to connect to the corporate network, ESET found:

  • About a quarter (24%) of employed adults use their own smartphone to access and/or store company information.
  • The percentage rises to 41% for personal laptops and 47% for personal desktops.
  • Only 10% currently use personally owned tablets to access and/or store company information.

When it comes to the whole security aspect of the situation they had this to say in their blog post:

If you stand at the back of a commercial flight these days you can see rows of passengers staring at a wide variety of devices, sometimes running cute little apps and games, and sometimes running business critical processes. Aside from the danger of spreading critical information to snoopy shoulder-surfers, this perspective makes it easy to see the variety of roles that the devices play. And I’m sure you’ve seen this scenario: halfway through the flight a user switches from super-critical pieces of corporate work to checking out the app they downloaded while waiting in the airport terminal. Obviously that’s a potential problem: bored users looking for cool things to install on their hip new piece of hardware. Maybe there’s a compelling reason to get that app, but is there a security context in place whereby this activity is vetted, especially when they are connecting that device to the company network? Beyond that, are basic measures in place to protect the data on the device if it falls into the wrong hands?

Now granted, ESET is a security software company but, taking into account that this is a corporate first-world problem we are talking about, are they really that far off in being concerned about the implications of companies and BYOD for employees?

Especially considering that, as they found out, less than half of all devices in the BYOD category have security protection of any kind installed on them.