The results of our latest survey reveal that, contrary to popular perception, BYOD (bring your own device) actually increases costs to businesses. Survey respondents at InfoSec Europe 2012 were asked if they believed allowing employees to connect their own devices (such as USB drives, mobile phones and portable PCs) to the corporate network increased costs. Guess what? 67% said yes, BYOD does indeed increase costs.
Drilling down a bit, when asked what caused the organization the biggest headache, almost half of respondents (43%) cited an employee device introducing a virus; more than a quarter (26%) pointed the finger at employees losing a device; followed by 22% who said that employees stealing data is the biggest concern.
And this was no mere random man-in-the-street survey. Our respondents were IT professionals at the forefront of protecting and managing the IT infrastructure; men and women who have to balance the desires of the workforce for a flexible and convenient work environment against the organizations’ requirement for reliable and secure operations.
Of course these results can be construed in multiple ways, but here’s my take (or at least one of them) on this topic:
The problems identified with BYOD are much worse for SMBs than they are for enterprise-level organizations. The enterprise typically has a large IT staff, and a budget for the latest security and administration tools, to properly support a BYOD environment. At the SMB level, it’s easier for IT staff – if there even is any – to become overwhelmed with routine day-to-day tasks, leaving no time to dedicate to outside devices.
Similarly, large enterprises usually maintain mail servers, with industrial-strength security capabilities, in-house, while SMBs often rely on consumer-oriented free email services, which are much less secure. This disparity can result in employee-owned devices being hacked, since security on the free email services is often weak.
One other note of caution. As I stated in a previous blog post, an organization has every right to wipe data from a device in the event of a problem, a fact that should make employees reconsider using a personal device at work.
More results can be found on the Lieberman Software website.
The survey took place at Infosecurity Europe 2012 in London. Nearly 250 IT professionals from organizations of all size participated.