More than half of information technology leaders in the US believe that any employee-owned mobile device poses a greater risk to the enterprise than mobile devices supplied by the company, according to a new member survey by ISACA. Yet 27 percent still believe that the benefits outweigh the risks.
ISACA found that 58 percent of US information security and IT audit professionals view mobile devices owned by employees as posing the greatest risk, compared to 33 percent who chose among work-supplied smart phones, laptops/netbooks, tablet computers, broadband cards or flash drives.
Organizations are increasingly being asked to manage the “BYOD” (bring your own device) trend as more employees use powerful and affordable personal mobile devices.
“BYOD presents both opportunities and threats. It lets employees and organizations take advantage of technology innovations at limited cost to the organization. Unfortunately, it also introduces new vulnerabilities, due to the limited ability of most organizations to effectively manage and secure employee-owned devices accessing their information infrastructure,” said John Pironti, advisor with ISACA. “Organizations should educate employees on their security requirements and implement a comprehensive mobile device policy aligned with their risk profile.”
Growing acceptance of cloud
The number of enterprises not using use cloud computing for any IT services has decreased by 5 points to 21 percent, and those that plan to use it for mission-critical IT services has increased 4 points to 14 percent.
“Cloud computing isn’t new; it’s an evolution of IT that is growing in popularity with the C-suite as a viable and cost-effective IT resource enabling businesses to be more agile,” said Robert Stroud, international VP of ISACA. “Because security is still a concern with cloud services, organizations recognize that they must take measured risk in cloud deployment. But it’s a calculated risk they will take because they know that stifling the use of cloud computing to avoid risk could actually stifle business growth.”
The data, collected in March 2011, shows that a surprisingly high percentage (40 percent) of respondents expect information security staffing requirements to increase over the next year. Thirty-four percent expect their risk management staffing requirements to rise.