As more companies adopt bring-your-own-device (BYOD) policies, IT managers face a whole host of security issues – but the situation is even more difficult at businesses with a large percentage of Generation-Y employees, a new study has found.
Network-security company Fortinet found that one in three "first-generation" BYOD workers have no problem skirting a company's security regulations that forbid them to use their personal devices at work or for work purposes. The findings, Fortinet says, underscore the urgency with which enterprises should develop security strategies to successfully secure and manage BYOD activity.
The global survey was conducted in May and June, asking more than 3,800 employees in their 20s about their perspectives on BYOD, its impact on their work environment and their approach to personal and corporate IT security.
Nearly three-quarters (74 percent) of respondents across all regions already regularly engage in the practice of BYOD. More importantly, 55 percent of respondents view using their device at work as a "right" rather than a "privilege."
From a user perspective, the primary driver of BYOD is that people can constantly access their preferred applications, especially social media and private communications. The dependence on personal communications is strong, with 35 percent surveyed admitting they could not go a day without accessing social networks, and 47 percent unable to last a day without texting.
It's not like these Gen-Y'ers don't understand the risks posed by BYOD to their organization. Forty-two percent actually believe potential data loss and exposure to malicious IT threats to be the dominant risk; yet this risk awareness does not prevent those workers from bypassing corporate policies. In fact, more than one-third (36 percent) admitted they have or would ignore a corporate policy banning the use of personally owned devices for work purposes. Of the 15 countries surveyed, the figure is highest in India, where two-thirds (66 percent) admitted they have or would skirt policy.
When asked about policies banning the use of non-approved applications, the figure remains approximately the same, with 30 percent of all respondents admitting they would use them anyway. The risk to organizations from non-approved applications looks set to grow. Almost 70 percent said they are interested in Bring Your Own Application (BYOA) – where users create and use their own custom applications at work.
The survey also hinted at the resistance organizations might face with regards to implementing security on an employee’s device. The majority (66 percent) of respondents consider themselves – not the company – to be responsible for the security of the personal devices they use for work purposes. This is three times the number who believe responsibility ultimately rests with their employer (22 percent).