Mobile devices, tablets and social networking have all come to the forefront as consumerized methods of conducting business and enhancing productivity in the enterprise. However, with this increased mobility and freedom, are organizations effectively implementing security and compliance strategies to enforce policies and endpoint protection in the workplace?
According to a study conducted by cloud-based e-mail security and compliance solutions provider Proofpoint (News - Alert), Inc., enterprises are halting their “trust-only” approach to consumerized IT security and instead are altering methods for effective perimeter security.
Out of a group of 632 respondents from government agencies and enterprises, the study – entitled “2011 Consumerized IT Security Survey” – revealed that IT consumerization in the form of iPads, iPhones, Facebook (News - Alert), Twitter and IM, can be found at the hands of employees in 84 percent of organizations. In response, these organizations are opting to implement three-layer security and compliance tactics that combine trust, policy and technology.
Of those polled, 51 percent revealed that they implemented a combination of all three layers, while 22 percent said they opted out of technology but still trust their employees to obey company guidelines. Surprisingly, 12 percent rely only on staff members’ “good judgment” for effective defense.
“Consumerized IT in the workplace is a fact of life, and organizations recognize that they must act to integrate it in a secure and compliant manner,” said Michael Osterman, principal of Osterman Research, Inc., a market research company that worked in conjunction with Proofpoint to uncover IT consumerization trends. “Trust will always be an essential part of any security and compliance strategy, but it is encouraging to discover that half of those polled know that trust alone will not provide an effective defense.”
The majority of those surveyed (67 percent) stated they use hosted Exchange e-mail the most to conduct business, which is certainly raising some red flags. According to David Knight, executive vice president of product management and marketing for Proofpoint, this is underscoring the need for organizations to enact robust defenses against incoming threats that could eventually threaten vulnerable and regulated data.
“Providing protection for the mobile device is a smart move but endpoint security technologies deployed on devices can’t stop inbound attacks,” said David Knight, executive vice president of product management and marketing, Proofpoint. “Organizations that use mobile networks also need to deploy technologies that can provide strong perimeter defenses against spam, phishing, malicious e-mail attachments and other inbound threats.”
The survey also revealed that many companies currently lack policies for consumer technology usage in the workplace, which could inevitably provide easy admittance to company information.
“Companies that have no control over unauthorized use of technologies on their network are in serious peril. Sooner or later, an unprotected device, social media or IM platform is going to provide illicit access to regulated information,” said Knight. “Enterprises that stick their heads in the sand when it comes to consumer IT are increasing risk at an unquantifiable rate.”
Of those surveyed, the majority of organizations neglect to strictly enforce the rules, only issuing a warning to employees who disobey the policy.
Tammy Wolf is a TMCnet web editor. She covers a wide range of topics, including IP communications and information technology. To read more of her articles, please visit her columnist page.
Edited by Stefanie Mosca