The cost and threat of BYOD to business data security.
You’d be forgiven for thinking that the Bring-your -own-device (BYOD) movement is rivalled only by the spirit of 60s-style free love, the “Arab Spring” uprisings and the sheer hedonism of a Cape Town summer –so feverishly the beating of its drum from supporters the world over.
For those not in the know, BYOD allows employees to use their personally-owned endpoint devices to hook up into the corporate network.
Obviously the idea of staff members using their personal devices for work-purposes is an attractive one to company executives and (some) users alike, with CFOs no doubt salivating at the prospect of not having to invest in hardware – and users pointing to freedom from draconian security laws which govern their use of company property.
Okay . . . Before we all break into song and run naked through the city streets, however, I have just two questions to ask.
- Does BYOD have a realistic place in a world of ever-increasing penalties for lapses in Governance, Risk and Compliance?
- Will BYOD really help organizations save money?
BYOD and Data Security: Deep Impact
The scale of the BYOD security problem was highlighted in this recent article on CIO.com, where results from a survey by Avanade revealed that, of 600 survey respondents, over 300 reported experiencing a security data breach as a result of consumer gadgets.
That’s more than 50%, and 18 million times more than the likelihood of you meeting an untimely demise in an airplane accident.
The problem, of course, is that BYOD puts control into the hands of employees who could care less about data security – until the proverbial **** hits the fan, followed by lots of begging at ITs feet to somehow make the pain go away.
Another survey found that 78% of lawyers were either not concerned at all, or only somewhat concerned, at the prospect that confidential data could be at risk should their endpoint devices be lost, stolen or compromised.
Show me the money: Hidden IT costs of BYOD
The 5 hidden costs of mobile BYOD are discussed at length in this article but a few obvious questions you must be asking yourself have to include:
- Who is going to support users when devices fail, at what cost and how long will it take to get users back up and running?
- Secondly, what costs are involved with making sure apps and other software the company wants to utilize work on all the users’ varied devices?
- What costs will have to be incurred to ensure that data security on a variety of privately-owned devices measure up in terms of Governance, Risk and Compliance?
When taking hidden and associated costs related to BYOD into consideration, research conducted by Aberdeen estimate that a typical BYOD environment could cost up to 33% more than a well-managed wireless deployment where the company owns the devices.
Does this mean there is no case for BYOD, then?
Well, no . . . there is a place and we want you to help us find out exactly how, and where, that is.
Cibecs/IDG 2012 Enterprise Data Loss Survey
The rise of BYOD and the enterprise adoption of this trend form part of the question set in this year’s edition of our annual Data Loss Survey. Other relevant topics (our survey will hopefully provide more insight to) include file sharing cultures and methodologies at an enterprise level, current data protection technologies and the impact of GRC on IT Departments, to name but a few.
We looked at the effect of BYOD in business IT environments in our 2012 data loss survey, you can read about that by downloading the 2012 data loss survey