BYOD Policies Have Limited Effectiveness, Persistent Security Issues

By Nathan Eddy  |  Print this article Print

IT leaders and IT professionals said their organizations are not effective in achieving BYOD's promise of lower IT expenses.

While the bring-your-own-device (BYOD) movement is in full swing, immature policies are putting sensitive organizational and employee data at risk, and the initiative’s value for many organizations is currently mediocre at best, according to a survey of more than 1,500 IT leaders and 2,000 IT professionals conducted on behalf of Teksystems.

More than half of IT leaders and 65 percent of IT professionals reported that their employers fall within one of three extremes regarding their BYOD policy: either "nothing has been communicated," "there are no official policy guidelines," or "employees are not allowed to use their own devices at work."

Furthermore, among the organizations that have some form of BYOD policy in place, approximately only half of IT leaders (48 percent) and just one-third of IT professionals (35 percent) said they believe the policy is crystal clear. In addition, approximately one-third (35 percent) of IT leaders and a quarter of IT professionals are not confident their organizations are compliant with government mandates.

"Organizations have an obligation to protect sensitive data pertaining to their clients and employees," TEKsystems research manager Jason Hayman said in a statement. "Without formal BYOD plans in place and consistent execution, organizations leave themselves exposed. Additionally, they may be failing to capitalize on the potential benefits of BYOD, including increases in productivity and collaboration."

Nearly half of both IT leaders and IT professionals believe their organizations are either achieving middle-of-the-road effectiveness or are completely ineffective across a variety of factors, and responses indicated the main value proposition of BYOD to date has been employee satisfaction, cited by 57 percent of IT leaders and 55 percent of IT professionals.

IT leaders and IT professionals also said their organizations are not effective in achieving BYOD's promise of higher customer satisfaction (60 percent and 56 percent) and lower IT expenses (62 percent and 58 percent).

Security remains a pressing and unsolved challenge for organizations implementing BYOD policies, with one-third of IT leaders and 46 percent of IT professionals confirming that their organizations do not have the capability to remotely wipe data off employee devices if necessary.

More worrying is the revelation that nearly three-quarters (73 percent) of IT leaders and IT professionals believe that sensitive company data is at risk due to employees accessing information from their personal devices, and approximately half said they feel that 25 percent or more of their companies' sensitive data is exposed.

"Given the threat of a data leak, any employee who does not understand an organization's stance on BYOD poses a risk," the report noted. "Failure to clarify the company's policy and educate end users on security best practices creates false and dangerous assumptions."

Originally published on www.eweek.com.