Treading dangerously, companies rush into BYOD without considering mobile security

Credit: http://www.flickr.com/photos/walkn/

Usually when the discussion of BYOD (bring your own device) is brought up in the workplace, potential security issues are one of the first things to be discussed. After all, if key business data, which can be something as simple as an executive's calendar or a confidential contact list, is on a smartphone that gets lost or stolen, there could be significant consequences if it falls into the hands of a competitor.

In some industries, there are expensive consequences. In healthcare, for example, lapses in security that expose patient data can net hefty fines. Earlier this year, for example, Blue Cross Blue Shield of Tennessee  finalized a settlement with the Department of Health and Human Services for $1.5 million for a recent breach (on top of a $17 million price tag for the investigation and remediation actions).

The Huge BYOD Risk You're Probably Ignoring
FINAL WEEK to register for CITE! Don’t miss the Sunday interactive workshops.

That makes it all the more shocking to read this press release from OnForce, a company that matches businesses and individuals with technology professionals and consulting firms. Accord to a recent report, IT professionals working in the BYOD field have noticed a steady uptick in requests related to person devices and BYOD setups. That's not surprising considering how commonplace BYOD is becoming.

The surprising and disturbing bit is that these technicians are not seeing a comparable increase in the number of businesses that are interested in configuring mobile security and/or setting up a mobile management strategy or solution. The result, according to OnForce, seems to be companies embracing the freedom of BYOD deployments without securing the devices, apps, or data involved. If OnForce's survey results are accurate, there could be hundreds or even thousands of companies out there at extreme risk of data or privacy breaches.

That said, the report should be taken with a grain or two of salt. OnForce essentially delivers on-demand technology outsourcing. That means that its clients may have no internal IT department or may have minimal technology resources. If that's the case, then its reasonable to assume that they may simply not know to ask about security options or mobile management.

OnForce does quote Gene Morris, general manager at BrightStar Enterprise Solutions - one of the companies that works with OnForce clients - as saying that his company attempts to educate clients about security risks while configuring personally-owned devices.

"I help businesses connect and configure personal mobile devices, and at the same time consult with them about the security risks. As BYOD continues to infiltrate the business environment, we do anticipate a significant uptick in mobile security implementations in the next 8-12 months."

Even with that caveat, it's sobering to think about the potential damage that could be done to any company as a result of a mobile data breach. To know that some businesses are taking a cavalier attitude to those dangers is a rather unsettling thing to consider.
 

Ryan Faas is a technology journalist and author who has been writing about Apple, business and enterprise IT topics, and the mobile industry for over a decade. Read Ryan's bio