A third of users fail to see any risk with a bring-your-own-device (BYOD) policy, while only ten per cent of IT managers believe users are educated about the consumerisation of IT.
According to a survey of 2,000 global users by BT for its ‘Rethink the Risk' research, it found that 37 per cent of UK-based employees were permitted to connect personally owned devices to the corporate network. Also, while company-sanctioned BYOD adoption is generally high, the extent of use stated by employees is greater than that acknowledged by IT managers.
Jeff Schmidt, global head of business continuity, security and governance at BT Global Services, said the unthinkable is now the routine. “Go back ten to 15 years and the idea of connecting with a personal device was unheard of, but it is now a natural act. Policies need to be translucent to the user and we need to educate them,” he said.
In the survey, 40 per cent of employees said that "the IT department imposes rules and regulations that restrict the most innovative use of new technologies", and almost half disliked the idea of having additional security features installed.
Carl Blackett, ICT security architect at Norfolk County Council, said IT needs to get rid of the yes/no attitude and take a more risk-based approach.
The research also found that 57 per cent of IT decision-makers believe that the rise of BYOD heralds the move to a new model of IT where barriers between the individual and workplace dissolve and everything is linked together by the corporate network.
Captain Simon Wise, deputy head of service operations at the global operations security control centre at the Ministry of Defence, said that in terms of BYOD, it had one short and sharp policy – it does not have a policy.
He said: “The user experience is affected but we want to ensure that the core business can be secure and that the core functionality is at an assured level.
“We require everyone to be completely vigilant on the fact that not everyone gets it right all of the time. What information are you trying to protect and what is it worth? Decide what is important and what is important for the MoD to protect.”
The survey found that 37 per cent of IT managers in the government sector think that cyber security is “a major concern”, compared with 49 per cent in the financial services sector and just 26 per cent in logistics.