Published on the 18/07/2013 | Written by Newsdesk
Most Australian companies have yet to implement a policy regarding Bring Your Own Device initiatives, and even those that do tend to let the CEO off the hook, introducing high levels of risk…
An international survey of IT professionals has revealed that although 43 percent of Australian organisations have a BYOD policy in place the majority still don’t. A startling 45per cent have no policy now and no plans to remedy the situation in the future. And, lest those companies which do have a BYOD policy start feeling safe and secure, 27 percent admit they make exceptions for senior executives – paradoxically the people with potentially the most sensitive data to lose.
Conducted by the Ponemon Institute on behalf of data security firm Acronis, the survey also uncovered some disturbing sectoral differences. For example the financial services sector has the worst track record with only about a quarter of organisations having implemented a BYOD policy. This is in stark contrast to enterprises in the health sector where 65 percent have a policy in place.
According to Simon Howe, sales director, mobility solutions for Acronis in APAC, while CIOs need to balance the need for data security with data availability, many are introducing high levels of risk by failing to roll out policies or inform employees of their obligations regarding data security. Besides the lack of policies Howe said there was scant evidence that organisations were mandating even password protection on BYOD access, or had the wherewithal to wipe devices of corporate data if they were lost or stolen – only 15 percent of Australian organisations report that they do this.
Of course wiping the CEO’s personal device may take particular levels of CIO courage. Howe acknowledged that CIOs need to tread carefully when laying down the law to C-suite executives about how they could use technology – “a heavy handed approach from the CIO isn’t going to work,” he said – but added that it was still possible to deploy technical solutions to limit what could be accessed from an employee-owned device and to wipe that information if the device went missing.
Howe said that to better protect themselves companies needed to ensure they had BYOD policies in place, ramp up security, run training and education initiatives, and deploy technology that would allow the CIO to deliver content and systems access in a secure and managed way. Acronis has released a guide for companies which you can read here.
