There have been many prognostications about the bring-your-own-device movement, the phrase used to describe the phenomenon of people using their own IT equipment for work purposes. Mainly, it covers mobile devices from smartphones to notebooks. No one doubts it is happening, the question is the depths to which it will penetrate. Instead of looking at this as resale revenue lost, you might want to start thinking about this as security service revenue gained. That’s because a new member survey from ISACA, a security technology association, finds that more than half of U.S.-based IT decision makers view these non-sanctioned devices as a bigger security threat than those supplied by the company.
The 2011 ISACA IT Risk/Reward Barometer also found that 27 percent of the respondents, however, felt that the benefits of these mobile systems were worth the risks. My guess is that often the people who bring mobile devices into their workplace wouldn’t be on the list for a company-requisitioned device, which means they are probably more productive than they would be otherwise. There were approximately 2,800 people surveyed as part of the data-gathering process.
Said John Pironti, a security expert who is an advisor to ISACA and president of IP Architects:
“[BYOD] lets both employees and organizations take advantage of the latest technology innovations at limited cost to the organization. Unfortunately, it also introduces new vulnerabilities, due to the limited ability of most organizations to effectively manage and secure employee-owned devices accessing their information infrastructure. Organizations should educate their employees on their BYOD security requirements and implement a comprehensive mobile device policy that aligns with their organization’s risk profile.”
Smells like a managed service to me, everything from assessment to mobile device management. This is especially timely given another finding in the survey: That organizations believe that IT security and risk management should be embraced more closely in overall enterprise risk management strategy.