ACN survey: Just 16% of Gulf companies have BYOD policies
Arabian Computer News reveals regional gap in response to device usage
A meagre 16% of GCC organisations have coherent and flexible BYOD policies, according to the findings of Arabian Computer News' IT Security Behaviour Survey 2014.
The survey, conducted online between March and April this year, revealed that 30% of companies had no rules in place to govern company data on devices, while 19% of respondents reported a restrictive policy where employees were forbidden to have corporate data on personal devices. Only 16 % said their organisation had implemented controls to allow data on devices but also protect it.
"The lack of security policies and enterprise mobile policies is significant," warned Megha Kumar, research manager, Software, International Data Corporation (IDC).
"Companies are clearly struggling with managing security and devices and employees need more awareness despite the efforts made to improve it. The figures show a need for security and enterprise mobility policies; security training and awareness; and security automation and improved data sharing policies."
The main problem behind BYOD is not only security; it is the famous trade-off between that security and employee productivity. Mobility brings agility to business operations that C-level executives do not want to relinquish, but those tasked with cyber security are confronted with a large and diverse device population to manage.
Continues on next page>>
"BYOD has become a practice in organisations and poses a security challenge for IT security administrators," said Ravi Patil, technical director, Mediterranean, Middle East and Africa, Trend Micro.
"While mobility boosts enterprise employee efficiency by delivering ‘anywhere access' to business data and systems, it obliterates what's left of the increasingly ineffective corporate network perimeter.
"Enforcing strict regulations on usage of personal devices is a must to minimise security risks. Management of the mobile devices must be made mandatory in organisations to protect companies' sensitive data from getting into the wrong hands if the device is lost or stolen. Interestingly, the survey results show that many organisations do not have a policy to allow or deny data on personal mobile devices.
The price of failure to secure devices and implement rigid policies to lock down data where appropriate can be high. Composing such policies can be difficult, especially when the operating systems on devices are not uniform and each has its own set of vulnerabilities to contend with.
"As the amount of digital data grows, so does the theft of sensitive data through the loss or misplacement of laptops, thumb drives, external hard drives, and other electronic storage media," said Patil.
"Sensitive data may also be leaked accidentally due to improper disposal or resale of storage media. To protect the secrecy of the entire data lifetime, we must have confidential ways to store and delete data. The survey results show that users still use USB devices at large to transfer company data to be used elsewhere or data being shared by a file-sharing device."
The survey asked about much more than BYOD. You can read the full details in the May 2014 edition of Arabian Computer News, available now. Also, ITP.net will be posting the full results in the coming weeks.