BYOD Users Threaten IT Security: Fortinet

First-generation bring-your-own-device (BYOD) participants are likely to expose businesses to new security risks.

As the first wave of bring-your-own-device initiatives gains traction in the workplace, the first generation of BYOD participants could pose a serious risk to corporate IT networks, according to a survey from network security specialist Fortinet. The poll, conducted in 15 territories during May and June 2012, asked more 3,800 active employees in their 20s about their perspectives on BYOD, its impact on their work environment and their approach to personal and corporate IT security, and found one in three respondents said they would contravene a company€™s security policy that forbids them to use their personal devices at work or for work purposes.

Survey results indicted the primary driver of the BYOD practice is that individuals can constantly access their preferred applications, especially social media and private communications, and this next generation of decision makers and managers is increasingly viewing the use of personal devices in the workplace as a right, rather than a privilege. Nearly three-quarters (74 percent) of respondents across all territories already regularly engage in the practice, the study found.

While 42 percent of the respondents believe potential data loss and exposure to malicious IT threats to be the dominant risk, suggesting the first generation of BYOD workers understands the risks BYOD poses by to their organizations, this risk awareness does not prevent those workers from bypassing corporate policies. India had the highest number of respondents who were willing to contravene a corporate policy banning the use of personally owned devices for work purposes, where 66 percent admitted they have or would do so.

When it comes to policies banning the use of nonapproved applications, 30 percent said they would also contravene policy to use them, and 69 percent of respondents confirmed they are interested in "bring your own application" (BYOA), where users create and use their own custom applications at work. While this indicates other areas where organizations are at risk, two-thirds (66 percent) of respondents consider themselves€”not the company€”to be responsible for the security of the personal devices they use for work purposes.

€œThe survey clearly reveals the great challenge faced by organizations to reconcile security and BYOD,€ Patrice Perche, vice president of international sales and support for Fortinet, said in a prepared statement. €œWhile users want and expect to use their own devices for work, mostly for personal convenience, they do not want to hand over responsibility for security on their own devices to the organization.

"Within such an environment, organizations must regain control of their IT infrastructure by strongly securing both inbound and outbound access to the corporate network and not just implement mobile-device management, or MDM. Organizations cannot rely on a single technology to address the security challenges of BYOD. The most effective network security strategy requires granular control over users and applications, not just devices,€ Perche continued.