Half of Australia business concerned about BYOD access, but few act upon it: Unisys

IT services provider finds that a lot of Australian businesses are not strengthening their mobile security

Few Australian organisations are considering sophisticated security measures.

This is despite more than half of Australian businesses in Unisys’2012 Australian Consumerisation of IT research being concerned about employees accessing business data via a smartphone or tablet in the workplace.

Unisys Asia Pacific security program director, John Kendall, attributes this concern to mobility extending the end points of access into the corporate network, beyond office walls and the network firewall.

“IT decision makers have consistently cited security as a key issue for a mobile workforce, regardless of whether the devices used are company supplied or owned by the employee, over the last three years that we have run the research,” he said.

Kendall says the risks are both accidental, such devices being lost or used by friends or family, and malicious, such as devices being stolen or malware on mobile apps.

“Organisations see that mobility in the workplace is inevitable and now they are taking action to minimise the risk,” he said.

However, Kendall admits that effective security requires more than managing access to the device and the applications on the device.

For one, it also requires a combination IT, HR, and legal security policies that are enforced, as well as employee education.

“Employees need to know what the risks, how to avoid them and the consequences of not doing so,” Kendall said.

Ignoring the threat

While 56 per cent of Australian organisations identified security as a continued concern, the report found that only 18 per cent of respondents are considering token-based authentication and 15 percent are looking at biometric-based authentication.

Even though 90 percent of local organisations are saying they have a security policy in place, Kendall says it is worrying that a third of employees are not aware of their company’s security policies.

“These people could unintentionally put sensitive data at risk by not taking the appropriate security precautions to protect the data on their mobile device,” he said.

For Kendall, it appears that many organisations are under the impression they are “protected by simply creating a security policy that covers mobile devices.”

“However, it’s of no use if employees don’t know about or understand it,” he said.

With six percent of Australian employees in the survey saying they ignore or work around security policies, Kendall said it is important that they understand "why the polices are in place and what the consequences are from not adhering to them."

Time to change

As for what needs to change in order for security measures at businesses to improve, Kendall says the problem can be traced to passwords.

“Passwords have been traditionally used in IT to secure access to devices and applications within the workplace, so it makes sense that they have been the first step taken to secure mobile devices,” he said.

However, Kendall says the risk of a data breach via compromised passwords is higher in a mobile environment.

“Mobile devices can be easily lost or stolen, so it is surprising that organisations aren’t taking a more aggressive approach to securing the devices and the data on them,” he said.

To protect sensitive assets, the recommendation is to adopt multifactor authentication, where the employee is identified not only by “what they know” (such as a PIN or password), but also by “something they have” (a token key) or “who they are” (a biometric such as a fingerprint or face scan).

“In addition, organisations should look beyond the device at ways to secure the data itself, such as via encryption, so that even if the wrong people get access to the data, they can’t read it,” Kendall said.

He adds that a business needs to protect against both internal and external threats, no matter if it is accidental or intentional.

Tags BYODsecurityunisys

1 Comment

Adam

1

The growing mobility of the workforce, BYOD and Consumerization of IT have combined to create major challenges for IT staff. How do they secure sensitive data? How do they manage all those different types of devices? How do they connect employees and their devices with corporate applications?

One approach to meeting these challenges is to separate data and applications from the end user devices. This can be achieved with a combination of virtualization, cloud and HTML5 technologies. For example, data and applications can be securely hosted on VDI virtual desktops or on Microsoft RDS (Terminal Server) while mobile employees access those applications and desktops using HTML5-compatible browsers.

That's the idea behind solutions like Ericom AccessNow, an HTML5 RDP client that enables access to Windows applications and desktops from a browser. Basing access on the browser allows employees to get to their applications and data from iPads, iPhones, Android tablets and phones and other devices.

Concerned with security in the age of the mobile workforce? Download this free white paper entitled "Mobile Access Security & Management:"
http://www.ericom.com/WP-MobileAccessSecurity.asp?URL_ID=708

Please note that I work for Ericom

Comments are now closed

 

Latest News

Nov 21
Tech Mahindra acquires Lightbridge Communications for US$240 million
Nov 21
Data#3 predicts "solid" growth in first half
Nov 21
Spanning partners with Fronde
Nov 21
Simon Hackett joins Redflow
More News
25 Nov
GovInnovate Summit
03 Dec
DC Infrastructure Solutions Professional
04 Dec
DC Infrastructure Delivery Professional
16 Dec
DC Infrastructure Solutions Professional
View all events