08 Jun 2011
Firms are being forced to weaken corporate IT security procedures in order to accommodate devices such as the iPad, new research has revealed.
A survey of IT decision makers by systems integrator Dimension Data found that 84 per cent of IT chiefs recognise that employee-owned devices, such as iPads, smartphones and laptops, represent a growing security threat to the enterprise.
Despite this, just over half allow such devices to be used for work and nearly 40 per cent do not force users to encrypt data and a third do not have anti-virus tools installed.
This pattern represents a significant chink in IT security, and a security director at Dimension Data, Chris Jenkins, said unless staff are forced to encrypt data on devices they use for work there is the potential for sensitive corporate data to leak out.
There are huge benefits to be had from allowing employee-owned devices into the enterprise, but they have to be managed carefully, he added.
“You need to strike a balance between productivity and security,” said Jenkins. “If a member of staff wants access to corporate systems they should accept that IT will have to install encryption, anti-virus etc onto that device first."
Firms should also consider the legal implications of allowing employee-owned devices onto their networks, said Louise Taylor, a senior associate at law firm Taylor Wessing.
“If an employee is using a device for work, both the business and the employee have legal obligations to protect confidential information and personal data. These obligations apply regardless of whether the employee or the business owns the device,” she said.
The findings were based on interviews with 200 UK IT decision makers working for organisations with more than 500 staff.
Far from being forced to weaken security, many of us are seizing the opportunity to strengthen it and review our policies.
Your numbers may be a little flawed, or at best, underreported. For example, how many of the 40% who do not enforce encryption only permit IOS devices that are encrypted by default?
The issue here is not that the devices are permitted per-se, but that full risk assessment and control enforcement need to be executed to address risk. There are many Mobile Device Management platforms out there to help you roll out these devices with minimal risk and with additional controls such as Jailbreak detection and selective remote wipe.
More balance, less scaremongering please.
Posted by: Anon 14 Jun 2011
I'm not entirely sure that iPads bring any security risk. They will use whatever security the company already has set on their Exchange server and access whatever internet is available through company wi-fi.
Personal laptops on the corporate network is a whole minefield of issues, both securiy and data.
Posted by: James Fleming 09 Jun 2011
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Do you think the G-Cloud will be a success?
Former British Airways CIO Paul Coby tells Computing about his transition to being CIO at John Lewis
Rubbish in... rubbish enterprise. Why proper data management is so important (video, 6 min)
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Upcoming Events
Join us to meet other professionals tackling this issue, and hear from Goy Roper, interim head of ICT of Norfolk County Council how his organisation deployed a flexible and intelligent network to cope with the challenge
Date: 07 Mar 2012
Time: 9am
The implementation of robust, relevant digital strategies is more crucial than ever to the success of insurance businesses
Date: 01 Mar 2012
Time: 09:00am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
