Gartner conducted a BYOD study in the last quarter of 2013

May 15, 2014 18:53 GMT  ·  By

A survey conducted by Gartner in the fourth quarter of 2013 provides some important information on the bring-your-own-device (BYOD) trend and how it impacts the security posture of organizations. The report shows that US consumers don’t appear to be too concerned about the security risks associated with BYOD.

Of the close to 1,000 business users interviewed by the company, a quarter admitted experiencing a security issues with their private devices in 2013. However, only 27% of them reported the incident to their employer.

Almost half of respondents admitted using personal devices for work purposes for at least one hour each day. 20% of them use their personal phones, laptops and tablets to access data that’s protected by their organization’s firewall.

“Whatever the activity and the duration, any work activity on a private device inherently carries the threat of a security breach. That leaves IT organizations scrambling to come up with the right mix of mobile security defenses to balance protection, governance and user flexibility,” Meike Escherich, principal research analyst at Gartner, noted in a blog post.

“Businesses will need help from telecoms service providers (TSPs) to evaluate and implement policies and procedures, ongoing user education, and sourcing and deploying mobile security, encryption and mobile device management (MDM) solutions.”

So, what are companies doing to make sure BYOD isn’t a risk? While over a quarter of respondents said their companies required them to use their personal devices, only 15% of them signed a BYOD agreement.

A third of business users reported that their companies were aware of BYOD policies, but didn’t have one in place. The rest either didn’t know if their employers took notice of the policies or they were unsure.

59% of respondents who use personal devices for work purposes didn’t sign a formal agreement.

“Organizations that do decide to allow employee-owned devices need to develop solid BYOD policies based on their business requirements and risk profiles. At the moment, BYOD laptop, smartphone and tablet security policies are still incomplete in many companies, and contain gaps and other inconsistencies that don't measure up to business obligations,” Escherich explained.

“Many enterprises (especially in the smaller and midsize sector) lack the proper organizational structures to create these policies and must reorganize to provide the necessary governance for a successful mobility implementation.”

This topic will be further discussed at the Gartner Security & Risk Management Summit, an event that will take place on June 23-26 in National Harbor, Maryland.