The Acronis 2013 Global Data Protection Trend Report investigated organisations reactions to four key challenges organisation's IT departments are currently facing - the readiness for secure mobile collaboration and BYOD, the explosion in data growth, the continuing impact of virtualisation on backup and disaster recovery planning, and continue to monitor the use of cloud for storage and disaster recovery.
The first part of the survey released recently looks at the issues the enterprise are currently having when dealing with BYOD, 570 UK IT practitioners participated in the survey.
James Rawbone, Senior Partner Account Manager EMEA, Enterprise Mobility Solutions at Acronis, gives his opinions on why and how enterprises are currently being ignorant towards the issues BYOD can and are causing to their business.
How was the research carried out and when?
The research was carried out by the Ponemon Institute, which uses a combination of omnibus and custom survey sampling methods online. The survey included proprietary samples of qualified IT practitioners in small, medium and large businesses. Ponemon Institute conducted the research during March and April 2013.
What was the most surprising result?
We identified five surprising trends:
1. There are big gaps in secure BYOD policies across organisations
Executives are putting business at risk, the survey found that only 60 per cent of businesses have no personal device policy in place, and, among those with policies, 24 per cent make exceptions for executives, who are most likely handling the most sensitive corporate data. As a result, these organisations are increasingly vulnerable to data loss and serious compliance issues.
2.Simple security precautions are not being adopted
Only 31 per cent of companies mandate a device password or key lock on personal devices, and only 21 per cent perform remote device wipes when employees leave the company, drastically increasing the risk for data leakage.
3.Businesses underestimate the dangers of public clouds
Corporate files are commonly shared through third-party cloud storage solutions such as DropBox, but 67 per cent of organisations don't have a policy in place around public clouds and 80 per cent haven't trained employees in the correct use of these platforms.
4.The growth of Apple devices is complicating BYOD security for administrators
65 per cent of organisations will support Macs in the next year, and more than half (57 per cent) feel compatibility and interoperability are still big obstacles to getting Macs compliant with their IT infrastructure. This puts data stored and shared across the corporate network and on Apple devices at risk.
5.Some organisations are ignoring the benefits of mobile collaboration altogether
More than 30 per cent surveyed actually forbid personal devices from accessing the network.
Why do you think organisations are not educating or training their employees on the risks of BYOD or the use of cloud based solutions like DropBox?
Time and money. Most companies are struck with tight budgets across the board and in particular within their IT department, as well as their overall staffing.
Unaware or ignorant. Companies are either not tackling the issue because they are unaware that their staff are using these solutions, or they are turning a blind eye to the issues effect their corporate data and overall IT infrastructure.
Are there any legal or compliance issues associated with BYOD, which are making companies, stick their heads in the sand when it comes to BYOD?
It depends on each market but more generally BYOD can be adapted to each compliance regulation and rule. The main concern of BYOD is data protection, and ensuring that as employees bring devices to-and-from the workplace, confidential corporate data is adequately protected while remaining easily accessible. An important component of data protection, often not addressed by BYOD strategies, includes ensuring that information and records comply with privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), as well as specific industry and regional privacy regulations.
How important is it to have your data secured on a mobile device?
There are no limits to what you can do with a mobile device in a corporate network. For instance you can copy anything, synchronise any information you like and even take pictures of confidential documents. If someone is willing to copy corporate data they can easily do it, if they are determined enough and currently there is no way to restrict this type of behavior.
The important thing every business needs to remember is that mobile devices can be replaced for a small cost in comparison to having your confidential data stolen and used incorrectly.
What is the biggest challenge when it comes to BYOD: coming up with an effective policy or making sure that employees act according to the policy?
An important component of data protection, often not addressed by BYOD strategies, includes ensuring that information and records comply with privacy laws and specific industry and regional privacy regulations. With the rapid increase and influx of personal mobile devices, and the 31 per cent of businesses who are forbidding the use of these devices in the work place are setting themselves up for a fall.
This is not realistically sustainable, and will force employees to work around corporate policies and rules. What comes with this is a lack of control of the exchange of employees and corporate private data.
Companies need to embrace the evolution of technology and look at the business benefits of BYOD. Otherwise they will be facing some serious network and data issues and worst of all potentially facing some legal problems in the coming future.
What do you recommend companies do when it comes to BYOD, Cloud Filesharing and Mac support?
Creating a mobile device security policy doesn't have to be complicated, but it needs to encompass devices, data and files. There are a number of simple things organisations should do, like require users to key-lock their devices with password protection. 68 per cent of who were surveyed use VPN or secure gateway connections across networks and systems, and 52 per cent use Active Directory and/or LDAP.
The simplest place to start is to use device key-lock and password protection. Whether organisations chose to opt for VPN security, key locks, Active Directory Monitoring or endpoint security, the choice is theirs. But it is time for businesses to decide on which route totake.
What are the key dangers/risks of public clouds?
The key risks of public clouds are data protection. Everyone, at some point, has been guilty of saving corporate presentations or other files and documents in free public clouds, like DropBox and Google Drive. It's convenient instant access, right? True, but public clouds are not secure, and leave data constantly vulnerable in the digital ether.
Public cloud application environments are also often incompatible with the IT infrastructure, causing business processes to become disjointed, and employee productivity to slow down. IT departments are well aware of the threats associated with using public cloud environments, so why aren't they mandating policies around public clouds.
How should businesses protect themselves when they are using a public cloud service?
Training employees on the risk of public clouds is a good place to start, but implementing a mobile file management solution can solve a problem like this. It allows access and synchronisation of all the employees work files so they won't need to resort to using services like DropBox for example because they can access what they need from a selection of their devices.
Employees will from then on keep using DropBox or SkyDrive for their own personal files and revert to their corporate container whenever they want to access or save work files.
What changes do you expect to see in the developments of BYOD in the next five years?
It is time for organisations to stop sugar coating or ignoring the risks and challenges that accompany BYOD bliss. Organisations need to decide which end of the spectrum they are on, and find a solution that enables secure mobile file access and management as well as Apple integration.
There is no excuse to keep having these issues, there are plenty of solutions to aide businesses with mobile device domination. Organisations can now be equipped with Acronis BYOD survivor guide's tips to start practicing safe BYOD and ensuring adequate data protection across the many devices that pass through your business on a daily basis.