Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

A growing threat to corporate networks: employee-owned devices

UK organizations are struggling to get the basics right when it comes to securing mobile devices – especially employee-owned devices - at work. An alarming 39 percent of UK businesses that allow employee-owned devices at work do not use encryption to protect the corporate data on them. And 17 percent of organizations that support remote or mobile working don’t have anti-virus measures on mobile devices, and 34 percent don’t have anti-spam. This is despite the recent spate of high profile IT security incidents in the UK, and abroad, and widespread acceptance of the mounting security risks arising from the use of mobile devices at work.

The above is according to an independent study commissioned by Dimension Data, which shows that over half (51 percent) of large UK businesses allow the use of employee-owned devices - such as iPads, tablets, laptops, or smartphones - for work. It also reveals that CIOs and IT managers accept that user-owned devices represent an important, growing security risk: 84 percent of all respondents agree that the use of such devices at work significantly increases the risk of serious, damaging data leakage incidents. Similarly, 82 percent agree that opening up corporate data to employees to support mobility and productivity does the same.

Chris Jenkins, Security Solutions Line of Business Manager, Dimension Data UK, says: “The mounting challenge facing businesses is that, although the need to protect data security hasn’t changed, the means of protection must change in response to how the means of access are constantly changing. Our study - and the steady stream of major data loss incidents - shows that businesses are playing catch-up. They are struggling to control corporate data when the network perimeter is increasingly porous, and workers, suppliers, partners and so on are taking the business equivalent of the crown jewels out of the tower on a daily basis, in a multitude of ways.”

Importantly, even the businesses that don’t allow user-owned devices at work are likely to have the same data security challenges as those that do, as employees are bringing their own gadgets to work anyway. A recent global study by Unisys http://www.unisys.com/unisys/news/detail.jsp?id=1120000970004210162 found that 95 percent of respondents use at least one self-purchased device for work.

“Completely unmanaged mobile devices connecting to the corporate network are obviously a greater security risk than sanctioned, managed devices,” says Jenkins, “so their growing presence at work makes this issue even more critical.”

Jenkins insists that organizations can handle data security in a way that embraces employee-owned devices. “It’s a matter of balancing the employee benefit of using their device for corporate access against the business requirement for data security. For instance, a business could supply encryption software free of charge to the employee on the basis that they accept that the business retains the ability to remotely wipe the device if necessary. The organization could then use NAC to allow authenticated and profiled devices onto the corporate network and unauthenticated devices only Internet access.”

Louise Taylor, Senior Associate at international law firm Taylor Wessing, adds: “Protecting data on mobile devices is not simply a matter of deploying appropriate security technology - although such technology is crucial. Businesses may also need to update their IT or other employee policies to clarify their data security practices regarding the use of mobile devices and the related employee obligations. Employees need to understand and buy into the importance of securing confidential and personal data in order to minimise the legal and other risks arising from data loss or security breaches.”

Taylor continues, saying: “If an employee is using a device for work, both the business and the employee have legal obligations to protect confidential information and personal data. These obligations apply regardless of whether the employee or the business owns the device.”

The study, conducted by Vanson Bourne on behalf of Dimension Data, involved a representative sample of IT decision makers (CIOs, IT Directors, IT Managers, etc.) from UK businesses with over 500 employees. The 200 respondents were surveyed in February and March 2011.


•Date: 14th June 2011 • Region: UK •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here