50 Percent Contravene BYOD Policy: Survey

“Over half of respondents around the world are ready to contravene company policy banning BYOD,” says slide 5 of the Fortinet 2013 Global Survey.

It’s based on findings of the Fortinet Internet Security Census 2013, a 20-country online survey – including Canada – of 3,200 employees aged 20-29 conducted 7- October 2013 by Springboard UK and Springboard America.

Yup – 50% claim they’re willing to contravene company policies restricting use of their own devices, cloud storage, and wearable technologies for work.

“We focus on BYOD from a user perspective, because it’s seen the most,” said John Maddison, CMO, Fortinet. “Although we saw a 40% increase in those who won’t follow policies, the trend on devices and cloud are particularly in everyday life. When you use them all the time it’s easy to use them in the work environment.”

The findings indicate those respondents aren’t trying to hack or be malicious; however, they prefer to do what they want with their devices and in the cloud.

“People are naturally trusting of the cloud, be it Google or Dropbox, even when it contravenes IT policy,” Maddison said.

Responses about wearable devices were higher than expected, although attitudes differ by country. Canadians seem against the use of wearables in the workspace, whereas 20% of Americans want them.

“We wondered when wearables would make their way into the workplace,” said Maddison. “I think IT organizations are trying hard, but they’re not armed with the full suite of security agents. There’s limited support for wearables, versus what’s available for Windows laptops, for example.”

IT departments are trying to catch up with the ways devices are being used and data is being moved around the network. When they get to wearable devices, you’ll receive permissions to access the data and that’ll be it.

“Only price and applications are holding them back. Which makes sense… if you can’t get the applications, why would you ever use it? When iPhone first came out, they were consumer oriented. They’re still a long way from being used in business.”

As for Canadians always being slightly less ready to accept new things compared to the USA, Maddison said it’s possibly because Canadians are pragmatic.

“I think the cloud piece is being adopted very much faster than people think,” Maddison said. “Everyone thinks it’s an Amazon-type cloud, but in reality it’s the consumer cloud. IT departments can’t track that data going into the cloud.

“For example if I have a 20MB PowerPoint presentation at home, and put it on Dropbox, IT has no idea. Either the file’s too big, or you can’t see it properly, or I use a personal device… you can upload that anywhere and IT department won’t have a clue.”

Yes, we’re all supposed to use training and two-factor authentication.

“If someone hacks your Google Box account, IT has no clue of what is there, why, how long it’s been, who’s accessed, or for what reason.”

Mobile networks have made all of this up- and downloading easier.

Maddison recommends…
1. Continue hammering on training, and make your IT policies more flexible.
2. Building hybrid public/private clouds is safer.
3. Have a more network-centric view of security. You can’t control BYOD.
4. Move the emphasis to the network rather than endpoints.

“I’ve been in the security industry for 15 years, and every year there’s a new method of protection and schemes,” he said.

“In the end the infrastructure changes so quickly it’s almost irrelevant. Most people have the view that surrounding the data in the network is the way to protect it. That’s great when you have control. Over devices and cloud you don’t have control. If you build hybrid clouds, or your private cloud, it gets downloaded but at least it’s all sitting inside your control.”

Editor’s Note: This article initially appeared on our security-focused partner SecureBuzz.ca, and is republished with permission. Check out SecureBuzz.ca for full coverage of Canadian IT security issues.