During Symantec’s recent Symantec Visionconference in Las Vegas, they surveyed 236 attendees about their BYOD initiatives. The survey sought to identify how companies are addressing BYOD.  What are the challenges? Policies? Mobile device usage? And, how are devices being managed?  But, one of the more interesting (dare I say, scary) results from the survey was the risk factor of enabling end-users to carry around their own personal devices stuffed with corporate data. In fact, Symantec’s own blog post title to announce the survey results is entitled: Despite Security Incidents, BYOD Worth The Risks

Even the title is scary. It seems to indicate that security incidents have already happened, yet businesses see potential loss of data as OK.

We live in a world where Facebook, Foursquare, and Google have desensitized the general consumer against privacy and security, so it actually makes sense that these same consumers, that are also part of a corporate structure, would represent the greatest risk to the business. As businesses strive to eliminate costs, they are also becoming desensitized to the real dangers of allowing end-users to be unwitting merchants of espionage.

Symantec’s survey outlines the top risks associated with the results that have been experienced within the last year.  They are:

  • Lost or stolen devices (60 percent)
  • Spam (60 percent)
  • Malware infections (43 percent)
  • Phishing attacks (40 percent)
  • Exposure of confidential information (19 percent)

But, there’s one additional factor they left out: Litigation. And, this may end up being the most costly factor of all. There are already reports of potential lawsuits consisting of employees who have taken offense to “Big Brother” monitoring and managing their personal devices, despite the employer consenting to allow the non-corporate devices access to the corporate network and data. Neither side can win this one. Part of BYOD policy is enabling remote wipe on personal devices if it contains corporate information. The problem is, because the device contains both company and personal data and apps, when the device gets erased according to policy, everything goes – even end-user data.  Oops.

Here’s a couple headlines about BYOD and legal issues to educate yourself on this growing risk factor:

So, with all of the hubbub going around about the risks of BYOD, what’s next? Do we blindly deploy or wait for the critical pieces to get worked out? To me, there’s too many unknown variables.

BYOD is yet another industry buzzword of the day. In my opinion, BYOD is a concept brought on by an industry trying hard to make money in a slow economy. When the current market is slow to expand, go in a different direction. And, if there is no different direction immediately available, make one up. Create an industry out of nothing and sell the public on it. It’s the new supply and demand model.

So, is there a solution? Actually there is. Corporate Owned, Personally Enabled (COPE) policy is a growing alternative to BYOD. And, it actually makes sense because, well, it’s really no different than what companies have been doing since the beginning. I’ll toss up some coverage about this soon. Stay tuned.

In the interim, make sure you read through Symantec’s entire report:  Survey: Despite Security Incidents, BYOD Worth The Risks