Start New Discussion within our Mobile and Wearables Community

It may win the prize for being the research with the most surreal title, but the 'My dog ate my iPad' report comes with a very serious message attached and one that business would do well to listen to.

The full title of the independent research report, commissioned by SecureData, is actually 'My dog ate my iPad - security risks of the consumerised workplace' which addresses the hot potato that is summed up as BYOD or Bring Your Own Device.

Just how hot a potato? Well, according to this research at any rate, 98% of those surveyed were allowed to work from home at least once every month yet 96% of IT managers fear security risks when implementing policies for those remote home workers. That is, of course, if there is any such policy in place at all; the research suggests that 25% of businesses have no policies to cover BYOD working patterns.

The research itself was based upon a survey of 100 IT managers in large UK enterprises of more than 1,000 employees across the financial services, manufacturing, retail, distribution/transport and commercial sectors. Here's what it found:

  • 69% of those surveyed use smartphones and tablet devices not supplied by the company to work remotely at home or whilst on the move (44% smartphones and 25% tablet devices) leading to potential vulnerabilities as unregulated mobile devices are connected securely with the office network.
  • 100% of employees in the financial services sector are allowed to work from home at least once a month highlighting that businesses are willing to let employees work in their own environment even with businesses handling a greater volume of sensitive information.
  • 25% of organisations do not have a policy in place for employees to work remotely via their own personal mobile devices (such as a smartphone or a tablet device) and don't think it is a priority at the moment leaving them open to security breaches, including the loss of highly sensitive company data.
  • 37% of respondents allow their children to use their work device e.g. laptop, smartphone and tablet device.

IT Managers have every right to be scared of the iPad-eating dog revealed by this research, and the major challenge facing business as BYOD becomes increasingly popular will undoubtedly be security. "The movement that is taking place in business, away from central command and control, is difficult for many in IT to see, let alone accept" says Roy Illsley, a principal analyst at Ovum, who concludes "The reality of the consumer cross-over is that these aspects of policy, procedure, and management must be addressed in a secure and risk controlled manner. One approach being considered by many organisations is to draft HR rules that allow personal devices to be used for corporate activity, but in return for providing a support service that backs up the device, the company has the right to wipe all data should the employee leave the organisation".

The report is available to download here.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

either an organisation trains and equips their staff to work with company supplied equipment only, they accept the security risk inherent in demanding employees supply their own devices for corporate activities, or they ban all corporate activity outside the office (and all private devices from the office).

Each comes with a tradeoff, and the cost to the business of both the first and last option are far easier to calculate than the cost of the middle option, causing that one to be the one most often chosen.
It used to be the last one was the one most often chosen, but the cost of not allowing working on the move or from home has gone up so much, at the same time as the availability of relatively cheap laptops, notebooks, and smartphones that it's no longer a commercially viable option for most companies.

The best option for security would probably be option #1, have the company supply the equipment and train their staff in using it securely.
But even in companies that do supply equipment, the training is often forgotten or "postponed" (indefinitely) because of timing problems.

From personal experience I know that most people will not let their children use company owned equipment, and will be more careful with it than with privately owned equipment (even if it's identical equipment).

The article starter has earned a lot of community kudos, and such articles offer a bounty for quality replies.