BYOD, BYOC Policies have to be Gen Y friendly

Fortinet India Survey Shows Generation Ys Hardening Stance Against Corporate BYOD/BYOC Policies

Fortinet, a network security player, has published a survey where it reveals a Up to 58 per cent of 21-32 year old employees would contravene company policies restricting use of own devices, cloud storage and wearable technologies for work.

It also reveals the growing appetite of Generation Y employees to contravene corporate policies governing use of own devices, personal cloud storage accounts and new technologies such as smart watches, Google Glass and connected cars. Based on findings from an independent 20-country survey of 3,200 employees (150 of them in India) aged 21-32 conducted during October 2013, the research showed a similar tendency (58per cent this year compared with 66 per cent last year) in the willingness to break usage rules compared to a similar. The new research also describes the extent to which Generation Y have been victims of cyber crime on their own devices, their threat literacy and their widespread practice for storing corporate assets on personal cloud accounts.

Strong Trend of Contravention

Despite respondents positivity about their employers provisions for BYOD policy, with 71per cent agreeing this empowers them, in total, 43 per cent stated they would contravene any policy in place banning the use of personal devices at work or for work purposes. 42 per cent of respondents using their own personal cloud storage (DropBox) accounts for work purposes said they would break any rules brought in to stop them. On the subject of emerging technologies such as Google Glass and smart watches more than half (58 per cent) would contravene any policy brought in to curb use of these at work.

Wearable Technology Set to Enter the Workplace

When asked how long it would take for wearable technologies such as smart watches and Google Glass to become widespread at work or for work purposes, 45per cent said immediately and a further 36per cent when costs come down. Only one of the 150
India respondents disagreed that the technologies would become widespread.

Widespread Use of Personal Cloud Accounts for Sensitive Corporate Data

95per cent of the sample has a personal account for at least one cloud storage service with DropBox accounting for 36per cent of the total sample. 85per cent of personal account holders have used their accounts for work purposes. 23per cent of this group admits to storing work passwords using these accounts, 31per cent financial information, 28per cent critical private documents like contracts/business plans, while more than half (59per cent) store customer data.

Almost two-third (63per cent) of the cloud storage users sampled stated they fully trust the cloud for storing their personal data, with only 3per cent citing aversion through lack of trust.

Threat Literacy Required as Survey Reveals Attacks Really do Happen

When asked about devices ever being compromised and the resulting impact, over 68per cent of responses indicated an attack on personally owned PCs or laptops, with around half of these impacting on productivity and/or loss of personal and/or corporate data. Attacks were far less frequent on smartphones (41 per cent), with a slightly lower proportion resulting in loss of data and/or loss of work productivity than on PCs/laptops, despite the sample reporting a higher level of ownership of smartphones than for laptops and PCs. A similarly low percentage was observed for tablets (33 per cent), but with greater consequences, since 69 per cent of those attacks (compared to 60 per cent in smartphones) resulted in significant impact.

Among one of the worrying findings of the research, 11per cent of respondents said they would not tell an employer if a personal device they used for work purposes became compromised.

The research exercise examined literacy levels for different types of security threat, with the results revealing two opposing extremes of ignorance and enlightenment, separated by an average of 24 per cent with minimal awareness. Questioned on specific threats like APTs, DDoS, Botnets and Pharming, up to 51 per cent appear completely uneducated on these types of threats. This represents an opportunity for IT departments to provide further education around the threat landscape and its impact.

The survey also hinted at a direct correlation between BYOD usage and threat literacy, i.e. the more frequent the BYOD habit, the better a respondents understanding of threats. This represents a positive finding for organizations when considering if/when to bring policies in alongside training on the risks.

This years research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage and soon the adoption of new connected technologies, said Vishak Raman, Fortinet's Senior Regional Director for India & SAARC. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed. There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations.

Its worrying to see policy contravention remain high, as well as the high instances of Generation Y users being victims of cybercrime, continued Raman. On the positive side, however, 96per cent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organizations IT security.


Add new comment