It may win the prize for being the research with the most surreal title, but the 'My dog ate my iPad' report comes with a very serious message attached and one that business would do well to listen to.
The full title of the independent research report, commissioned by SecureData, is actually 'My dog ate my iPad - security risks of the consumerised workplace' which addresses the hot potato that is summed up as BYOD or Bring Your Own Device.
Just how hot a potato? Well, according to this research at any rate, 98% of those surveyed were allowed to work from home at least once every month yet 96% of IT managers fear security risks when implementing policies for those remote home workers. That is, of course, if there is any such policy in place at all; the research suggests that 25% of businesses have no policies to cover BYOD working patterns.
The research itself was based upon a survey of 100 IT managers in large UK enterprises of more than 1,000 employees across the financial services, manufacturing, retail, distribution/transport and commercial sectors. Here's what it found:
69% of those surveyed use smartphones and tablet devices not supplied by the company to work remotely at home or whilst on the move (44% smartphones and 25% tablet devices) leading to potential vulnerabilities as unregulated mobile devices are connected securely with the office network.
100% of employees in the financial services sector are allowed to work from home at least once a month highlighting that businesses are willing to let employees work in their own environment even with businesses handling a greater volume of sensitive information.
25% of organisations do not have a policy in place for employees to work remotely via their own personal mobile devices (such as a smartphone or a tablet device) and don’t think it is a priority at the moment leaving them open to security breaches, including the loss of highly sensitive company data.
37% of respondents allow their children to use their work device e.g. laptop, smartphone and tablet device.
IT Managers have every right to be scared of the iPad-eating dog revealed by this research, and the major challenge facing business as BYOD becomes increasingly popular will undoubtedly be security. "The movement that is taking place in business, away from central command and control, is difficult for many in IT to see, let alone accept" says Roy Illsley, a principal analyst at Ovum, who concludes "The reality of the consumer cross-over is that these aspects of policy, procedure, and management must be addressed in a secure and risk controlled manner. One approach being considered by many organisations is to draft HR rules that allow personal devices to be used for corporate activity, but in return for providing a support service that backs up the device, the company has the right to wipe all data should the employee leave the organisation".
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .
either an organisation trains and equips their staff to work with company supplied equipment only, they accept the security risk inherent in demanding employees supply their own devices for corporate activities, or they ban all corporate activity outside the office (and all private devices from the office).
Each comes with a tradeoff, and the cost to the business of both the first and last option are far easier to calculate than the cost of the middle option, causing that one to be the one most often chosen.
It used to be the last one was the one most often chosen, but the cost of not allowing working on the move or from home has gone up so much, at the same time as the availability of relatively cheap laptops, notebooks, and smartphones that it's no longer a commercially viable option for most companies.
The best option for security would probably be option #1, have the company supply the equipment and train their staff in using it securely.
But even in companies that do supply equipment, the training is often forgotten or "postponed" (indefinitely) because of timing problems.
From personal experience I know that most people will not let their children use company owned equipment, and will be more careful with it than with privately owned equipment (even if it's identical equipment).