As more companies embrace the Bring Your Own Device (BYOD) movement to accommodate a rapidly evolving workforce, one question comes to mind: How are IT and security leaders handling this sudden wave of unmanaged devices that are now under their watch?
To find the answer and to get an accurate state of today’s BYOD security efforts within enterprises, Bitglass teamed up with leading industry research firm, Cybersecurity Insiders. We polled hundreds of cybersecurity professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced by personal mobile devices being connected to corporate networks and resources.
The results were both surprising and enlightening.
We sat down with Cybersecurity Insiders Founder and CEO Holger Schulze to talk about the report and his thoughts on BYOD security.
First off, why do you believe doing a deep dive into BYOD security is important today?
As mobility and remote work environments keep growing, so do challenges ranging from managing device access to handling urgent mobile security concerns. The insights in this report are especially relevant as more enterprises shift to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.
Ok let’s dive into the report, what were the key findings that you found interesting and surprising that our readers should know about?
Not surprisingly, we found that BYOD is here to stay with an astounding 82% of organizations enabling BYOD to some extent. Factors such as improved employee productivity and greater employee satisfaction were cited as the main benefits. We also found that BYOD was going beyond employees and to the “extended workforce” (e.g. contractors, partners and suppliers).
We also found that when it comes to top BYOD security concerns, data protection was on top of IT and security leaders' minds with 62% of respondents saying data leakage/loss, such as corporate data removal by a former employee, as their top concern. This was followed by users downloading unsafe apps or content, and unauthorized access to company data and systems. Interestingly, your typical security concerns, such as malware and vulnerability exploits, ranked lower on this list.
However, the most surprising finding from our research was that organizations today do not have the visibility to properly manage and secure the growing number of unmanaged devices connecting to corporate resources.
Can you elaborate on this lack of visibility?
Absolutely. When asked if any of their BYOD devices downloaded malware in the past 12 months, 22% of respondents said yes, but a surprising 49% said they were “not sure.” Also, when asked if any of their BYOD devices connected to a malicious WiFi in the past 12 months, over half (51%) said they didn’t know.
Also, even though organizations have visibility over email traffic on BYOD devices, they do not have visibility on data-centric applications, such as file sharing and cloud backup. This is surprising, since data protection is a top concern for IT and security leaders.
Where are organizations most challenged to achieve visibility to help bolster their security posture?
Many organizations lack visibility into applications on BYOD. Device apps that organizations have the most visibility into include email (74%), followed by calendar (58%), contacts (55%), and messaging (51%). Lacking this fundamental level of visibility across these basic applications does not bode well for enterprise BYOD security.
With Digital Transformation on top of many IT and security leaders’ minds, could not having a solid BYOD security strategy hamper their efforts?
As digital transformation initiatives quickly adapt to an increasingly hybrid work environment, personal devices will provide the flexibility and remote access that employees require. This new way of working, however, will undoubtedly stretch the balance between productivity and security. There has never been a more important time for enterprises to seriously rethink their approach to secure all forms of communication amongst users, devices, apps, or web destinations.
Download the Bitglass 2021 BYOD Security Report to learn more how IT and security leaders are handling the sudden wave of unmanaged devices that are now under their watch.
And to hear more from Holger Schulze on BYOD security, join us for Bitglass SASEDay 2021 on July 14, 2021. Holger will be among a panel discussing how BYOD is the “last mile” to digital transformation success. You can register to attend here.