Published on December 10th, 2018 | by Danielle0
BYOD and Shadow IT: Is Your Business Actually Secure?
The digital age is one of great convenience, but it’s not necessarily one of impenetrable security. Although 82% of companies have reportedly saved money by moving to the cloud, the cloud migration process has been data protection issues. But now, IT managers who trust the public cloud outnumber those who don’t by two-to-one, reports Intel. The same cannot be said, however, for other technology use that’s prevalent in many offices: namely, the utilization of what’s known as “shadow IT” and the practice of “BYOD” — or “bringing your own device(s).”
Essentially, these two concepts involve similar behaviors. Shadow IT refers to the employee use of cloud-based apps (including personal email accounts and social media platforms accessed using network devices) that aren’t protected or approved by the company’s IT department. BYOD allows an employee’s own personal device to be used for work purposes; whether it’s in the office or for remote work, the device is granted access to the company’s network and other tools.
Since an estimated 75% of American workers believe they don’t have access to the latest efficiency-boosting technology, it makes sense that they’d want to use their own devices or the programs with which they’re most familiar to get work done (or waste time on their lunch break). But unfortunately, these activities can jeopardize the security of the entire organization — particularly if they go unchecked.
According to Gartner, a research and advisory company, one-third of all malicious attacks successfully executed on enterprises by 2020 will begin on their shadow IT resources. And considering that shadow IT use can represent upwards of 35% of a firm’s total cloud usage, it’s essential for companies to take accurate assessments of the risks associated with this type of use.
Employees may not even realize that sending a personal email or posting a tweet using the company’s network could be a risky activity. They might also be using unapproved tools that help them do their jobs more effectively without realizing that doing so could compromise the company’s security. It’s important to prioritize employee education to ensure staff activities like these are minimized to prevent the possibility of malware installation or data loss. Companies should also conduct an efficiency assessment to identify weaknesses that could actually cause employees to seek out external, unapproved tools to get the job done; if improvements need to be made to internally provide what your employees need, it’s essential to make that happen.
BYOD is also a major problem. Since nearly 395 iPhones are sold every minute and most employees will likely own a smartphone, a tablet, or a laptop, more companies are allowing staff members to use this technology for the sake of ease and cost-efficiency. Though it may save your company money upfront to allow employees to use their own devices for work, it could cost you far more in the end.
Around 85% of companies allow employees, contractors, partners, and suppliers to use their own devices for work tasks, while more than 62% of leading field service companies have already implemented BYOD strategies in the field. But many of these organizations are still concerned about security — and rightfully so, it seems. The potential for data leakage, unauthorized access, and lack of control over downloads and uploads brings worry to a lot of firms. What’s more, only 30% of organizations feel confident that they’re able to adequately protect those personal and mobile devices from malware attacks. Personal, unauthorized activities could easily allow malicious software to penetrate a corporate system, and with so many different devices in use at any one time, there are more opportunities for such a breach to occur.
There are ways to reduce this risk, however. Mobile device management systems require the installation of software on all employee devices. This software allows the device to be managed by the IT team, which can alleviate the possibility of data wiping or promote password protection. MDM does come with some limitations though, especially if there are many different devices and operating systems to contend with. These systems are also extremely complicated and work best when implemented during the early stages of employment. In addition, employees often resent having to utilize an MDM system, as it’s often seen as unnecessarily intrusive when the device is used outside of the workplace.
There’s also mobile application management (MAM), which focuses on securing employer-provided applications. Instead of concentrating on the control of the device, it works to protect the company’s network and own apps in order to safeguard proprietary data. While it is rather limited (it won’t cover popular applications like Gmail, Dropbox, or Slack), it’s seen as a bit less micromanaging, though it still requires the installation of software onto a device. There are other mobile security solutions that don’t require that type of installation while still providing secure encryption on popular apps used by organizations.
No security solution can be perfect, considering the constant advancements in technology (and related threats). But for companies that permit employees to use their own devices to work or use unauthorized apps, it’s important to know the risks and take steps to reduce them.