Consumer devices: The sting in the tail
Are the advantages of BYOD outweighed by the risks? Perhaps not, but CIOs need to plan for a more fluid line between work and personal life
Inside the enterprise: Much has been written, here and elsewhere about the rise of the consumer device in the enterprise. But hard data on how we use personal devices at work is still rather hard to come by.
Samsung, though, has attempted to quantify at least some of the effects of the use of both personal devices, and consumer-focused apps, at work.
The survey of 4,500 workers across Europe suggested that three quarters of people do work in their personal time, and take care of personal tasks at work. That might not be much of a surprise, given the hours many Europeans spend in the office.
But the Samsung study also found that on average, office workers have 10 personal apps on work smartphones. As many as 41 per cent of workers use a personal smartphone for work.
More worryingly at least for IT managers is the finding that 26 per cent of workers use personal technology to work round restrictions on the apps, services, or websites they can access using business-issued technology. Younger workers are the most likely to try to circumvent company rules.
That compliance with, or even awareness of, security and data protection rules is low will, again, surprise few CIOs or IT security teams.
According to the research, 11 per cent of European workers didn't know whether or not there was a company policy on using personal devices for work and used their devices regardless.
Younger workers are the most likely to try to circumvent company rules.
Some 44 per cent of companies did, though, have either a formal or an informal BYOD policy. Unfortunately for compliance, 18 per cent of European workers knew about policies, but also continued to use their own devices.
Compliance with security policies rather than more general rules on BYOD was rather more positive: 45 per cent of workers said they were aware of policies, and tried to keep to them. Another 15 per cent knew of a policy but confessed to not knowing its content. Another 12 per cent ignored the policy.
This suggests that companies have more to do, both to raise awareness of their policies, and to ensure compliance. Physical and software security measures do have their place. But if bright and well-meaning employees circumvent them in order to do their jobs, IT will always be on the back foot.
Instead, the focus needs to be on user education not just around the policies and rules, but explaining why those policies and rules are necessary. Samsung did find that security awareness has increased over the last year, and almost all companies said they had strengthened security measures too.
But to be effective, security has to be user-friendly as well as technically robust. In that area at least, it seems there is work still to be done.
Stephen Pritchard is a contributing editor at IT Pro.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now