I thought we could examine a recent theme in a little more detail this month: the challenges of dealing with the consumerization of IT devices in the workplace. We recently completed a study, in partnership with Symantec, that looked at the security and compliance risks of a mobile workforce. It affirmed what I've believed for a long time, namely, that there is a consensus that mobile workers pose a great risk and that, for the most part, businesses are not prepared to mitigate that risk.
Today, every business has a mobile workforce of one form or another. The larger the organization, the greater the challenge. And this mobile workforce is important. Most businesses understand the benefits of untethering their employees and pushing corporate resources out into the field. But as these workers carry corporate data outside the traditional enterprise, they increase the risk of loss, theft or misuse.
[Also read 5 questions to ask about tablet security]
Although businesses have gotten pretty good at protecting their laptops, the challenge grows exponentially as more and more devices (iPads, Android devices, and so on) are introduced into the equation. Most businesses are still coming up short in their efforts to protect these devices--not just from a technical standpoint, but also from the point of view of enforcing corporate policies that govern the acceptable use of mobile devices.
Most businesses surveyed do not use any technological solutions to enforce compliance with corporate acceptable-use policies (monitoring and enforcement, as we all know, are key tenets of a good security program--the old "trust but verify" axiom).
There are a variety of reasons that businesses haven't adopted solutions to address this issue; the most common are related to budget and resource constraints, and where this issue falls in the pecking order of security priorities. But at the same time, 91 percent of survey respondents believe that there is a significant likelihood that mobile employees will violate their acceptable-use policies.
But if you are not willing to accept violations of acceptable-use policies among tethered workers, why do you accept violations from mobile workers? With a clear understanding of the risks, security executives need to be more proactive in addressing these security shortcomings so they can protect their organizations from compliance missteps.
Failing to do so is quickly becoming a mistake that businesses cannot afford to make.