BYOD Security Management Still an Issue for Businesses

Nearly three-quarters (72 percent) of organizations, led by the financial services sector, support BYOD for all or some employees, according to a recent Bitglass survey.

However, relatively few organizations are able to control access to corporate data, remotely wipe devices or enforce device encryption, the survey found.

The survey, which polled more than 800 cyber-security professionals in the financial services, technology, healthcare, government and education sectors, found just 14 percent have successfully deployed mobile application management (MAM) solutions.

“The level of concern with respect to security in BYOD is really no different than with other types of IT systems,” Rich Campagna, vice president of products at Bitglass, told eWEEK. “Regulated industries such as health care and financial services require that large numbers of users handle personally identifiable information, and the success of their business depends on their ability to protect customer data. The fact that these users are often mobile and demand BYOD access makes security particularly challenging.”

He noted fewer than half of organizations are doing anything other than password protection on BYOD devices—even choosing to forgo policy basics such as remote wipe and encryption.

“It seems that in an effort to support the demands of mobile users, security has been thrown out the window,” Campagna said.

The report found that 62 percent of healthcare organizations see compliance as a top security concern, due to HIPAA’s stringent requirements.

Notably, organizations across all sectors were concerned with data leakage—including 81 percent of financial services organizations, 90 percent of healthcare organizations and 79 percent of education organizations.

Higher education lagged behind other industries in enforcing essential risk-control measures—just 18 percent of those surveyed have access controls in place, and just 29 percent have the ability to remotely wipe devices, the survey noted.

In addition, just 14 percent of organizations have adopted MAM tools since their introduction in 2010, with most respondents citing employee privacy concerns and usability issues as top challenges to adoption.

“All too often, when we see employees push back on MDM tools due to privacy, deployment challenges or user experience issues, a decision is made to allow that user to bypass those controls, prioritizing access over security,” Campagna said. “The root cause is the fact that the industry has tried to shoehorn a tool best-suited for managed device security into BYOD.”

The report also found that device encryption was supported in only 36 percent of educational institutions, 56 percent of financial services organizations and 57 percent of healthcare organizations.