Worker BYOD Trust Concerns Threaten Corporate Data: Survey

Some employees are reluctant to tell employers when they're using personal devices for work, or when they are compromised, a survey by Aruba Networks finds.

A high percentage of employees who use their own mobile devices for work do not trust their employers with their personal information, highlighting a risk to corporate data in an enterprise environment increasingly driven by the bring-your-own-device trend, according to a survey by Aruba Networks.

Because employees don't believe their IT departments are doing enough to make corporate data and applications on their personal devices secure, many are not telling their employers when they are using these devices for work and would not say if the devices had been compromised, even if it put corporate data at risk, according to the survey, which was released July 8.

It's a dangerous situation, given the widespread adoption of bring-your-own-device (BYOD) policies in businesses around the world, according to Ben Gibson, Aruba's chief marketing officer.

"The research from both sides of the Atlantic shows that employees and IT departments are gambling with data security, but chance isn't the only factor," Gibson said in a statement. "In short, employees resent the power their employers now wield over their personal data, but are equally unconcerned about keeping company data safe."

The survey results go to the core of the tension that has been generated by BYOD since Apple first introduced the iPhone in 2007 and then the iPad in 2010. Employees increasingly want to use the devices they are most comfortable with at work, which means using them to access corporate networks and data. IT professionals have been concerned about the safety of the networks and data as more devices are used to access them.

The survey by Aruba—which in April unveiled its Aruba Workspace technology to address the issue—echoes findings from similar studies. In March, a study by a network of Cisco partners found that 90 percent of employees in the United States used their personal smartphones for work within the past year, though only 46 percent thought their employers were prepared for any issues that could come from the BYOD push. In addition, the study found that 39 percent of employees' personal devices were not password-protected, putting whatever corporate data that are on those devices at greater risk.

"We are now well beyond the point of discussing bring your own device as something on the horizon," Aruba's Gibson said. "It is a reality across the world and businesses need to adopt solutions that give their employees greater privacy for their personal data as well as exert greater network controls to ensure that sensitive information is not leaked, without disrupting the user experience."

In Aruba's survey of more than 3,000 employees worldwide, 66 percent of U.S. workers said they feared the loss of personal information from their personal devices; 45 percent of European workers and 40 percent of those in the Middle East felt the same way.

Fifty-one percent of U.S. workers said their IT departments do nothing to ensure the security of corporate files and applications on their personal devices (compared with 34 percent of Europeans and 35 percent of Middle Easterners), and these concerns cause many workers (17 percent in the United States and Middle East, 15 percent in Europe) to keep their employers from knowing about their personal devices.

Another 11 percent in the United States, 13 percent in Europe and 26 percent in the Middle East said they would not immediately tell their employers if their personal devices were compromised, even if it resulted in corporate information being leaked.

There also is a distrust of IT departments. Forty-five percent of U.S. workers—more than in Europe and the Middle East—worry about IT departments accessing their personal data, while 26 percent in the Middle East and 18 percent in Europe believe their IT departments would interfere with their private data if they handed over the device.