Firms weaken security to accommodate iPads

Staff's own devices are being allowed on to corporate networks without adequate security

Firms are being forced to weaken corporate IT security procedures in order to accommodate devices such as the iPad, new research has revealed.

A survey of IT decision makers by systems integrator Dimension Data found that 84 per cent of IT chiefs recognise that employee-owned devices, such as iPads, smartphones and laptops, represent a growing security threat to the enterprise.

Despite this, just over half allow such devices to be used for work and nearly 40 per cent do not force users to encrypt data and a third do not have anti-virus tools installed.

This pattern represents a significant chink in IT security, and a security director at Dimension Data, Chris Jenkins, said unless staff are forced to encrypt data on devices they use for work there is the potential for sensitive corporate data to leak out.

There are huge benefits to be had from allowing employee-owned devices into the enterprise, but they have to be managed carefully, he added.

“You need to strike a balance between productivity and security,” said Jenkins. “If a member of staff wants access to corporate systems they should accept that IT will have to install encryption, anti-virus etc onto that device first."

Firms should also consider the legal implications of allowing employee-owned devices onto their networks, said Louise Taylor, a senior associate at law firm Taylor Wessing.

“If an employee is using a device for work, both the business and the employee have legal obligations to protect confidential information and personal data. These obligations apply regardless of whether the employee or the business owns the device,” she said.

The findings were based on interviews with 200 UK IT decision makers working for organisations with more than 500 staff.