A worldwide survey of 512 IT professionals conducted on behalf of Cisco by InsightExpress found employees are consistently working around information technology security policies to use unsupported devices and applications and more than half of survey respondents determined that their employees use unsupported applications. More than half (51 percent) listed social networking as one of the top three biggest security risks to their organization, while one in five (19 percent) considers it the highest risk.
The survey, “Consumers Influence on Enterprise IT”, found 68 percent of employees used unsupported social networking applications, 47 percent used unsupported collaborative applications and peer-to-peer applications and 33 percent employed forbidden cloud computing applications. One in five (19 percent) considered the use of social networking sites and applications as posing the highest risk to the company.
"Increasingly, unapproved and unmanaged personal devices in the corporate environment are hastening the need for more intelligent security management,” said IDC’s program vice president for security products and services group Chris Christiansen. “These ‘solutions’ must deal with difficulty of protecting individuals and corporations while providing a positive user experience and corporate data access from any device, anywhere, anytime."
However, the survey found despite these trends, about half (53 percent) of IT respondents said they are likely to allow personal devices on the network in the next 12 months and seven percent said they already support personal devices, particularly in China and India. Indeed, 71 percent of the survey respondents said that overly strict security policies have a negative impact on hiring and retaining employees under age 30, despite the security risks posed by such applications.
Relative to other countries, survey respondents in Germany and Japan reflected weaker involvement in assessing vulnerabilities and lower instances of discovering employee use of unsupported applications or network devices. The report concluded businesses in those countries are unlikely to permit use of personal devices on the enterprise network in the next year. Overall, 41 percent of respondents determined that employees have been using unsupported network devices. However in Germany, nearly three-quarters of respondents (74 percent) indicated that they have not.
Fred Kost, director of security solutions at Cisco, said the best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use. "As the lines between personal and business computing increasingly blur, it is becoming clear that employees are going to use social networking and personal devices whether permitted or not,” he said. “Organizations should develop education programs, corporate policies and best practices in order to realize the extensive business benefits of social networking while protecting against the variety of potential threats that it can present."