IT managers know that bring-your-own-device (BYOD) policies can make users more productive, but they're still extremely nervous about the security risks -- particularly data leaks.
That's the conclusion of a survey from Dell and Quest Software released yesterday (PDF here). Dell/Quest interviewed more than 1,400 IT managers on their attitudes and experiences in BYOD. While they clearly recognized benefits such as "BYOD can help our workers be more productive" (74% agreed) and "BYOD helps employees respond to customers" (70% agreed), security concerns weigh heavily on their minds.
Two-thirds (66%) of IT managers agreed that a BYOD policy "massively increases security risks." In the United States, managers are even more nervous, with 80% agreeing with that sentiment.
Another big concern: with BYOD, IT can only control the device, not the user -- a sentiment that 61% agreed with.
This is actually starting to change. The first generation mobile device management tools focused on locking down devices with tactics like password requirements and remote wipe. But most dedicated MDM vendors, like Good Technology and MobileIron, are expanding their approach to focus on data and applications rather than individual devices, using tactics like app wrapping so that sensitive data can only be shared among qualified apps and users, regardless of the device it's on.
The survey also revealed that 90% of companies who have rolled out a BYOD program have experienced at least some problems. Not surprisingly, many of these problems involve data security -- the risk that somebody will get access to information they're not supposed to have. Here's the list, with data security problems in boldface:
- Abuse of policies by employees (36%)
- Theft or loss of mobile devices (33%)
- Lack of control over applications or data on devices (33%)
- Employees leaving the company with access to data and intellectual property on their devices (32%)
- Unauthorized data distribution once data is on a device (29%)
- Unknown, unmanaged, or unauthorized devices accessing the network (28%)
- Increased IT resources required to support BYOD users (27%)
- Slow provisioning of new mobile devices for employees or contractors (24%)
- Slow deprovisioning for employees who leave (16%)
- Not being able to provide users with the specific tools they need (13%).
The top two problems are definitely data security problems as well, although they're broader than that -- abuse of policy could cover many things (such as using time-wasting apps), and theft or loss also means a loss of productivity and increased administrative costs.
But overall it's clear that IT managers are still crying out for better data security on mobile devices. The vendors who deliver these solutions -- and communicate them to IT departments -- have a huge opportunity ahead of them.