INGATE

From The Sip Trunking Experts

TMCNet:  ISACA Survey Highlights BYOD Phenomenon and the Blurring Perimeter

[December 13, 2012]

ISACA Survey Highlights BYOD Phenomenon and the Blurring Perimeter

(M2 PressWIRE Via Acquire Media NewsEdge) Rolling Meadows, Illinois, USA-- ISACA, a non-profit association of 100,000 IT professionals in 180 countries, today released further insights from its 2012 IT Risk/Reward Barometer. The results from this study confirm an understanding of the risk posed by employee activities with both work and personal devices. For example, a consistently high percentage of respondents across all regions cited the storing of passwords in a file on a personal device as posing a high risk to the enterprise (ranging from 72% in Asia Pacific to 81% in the US). This fluctuated more dramatically when referring to the same habit, but on a work-supplied device (ranging from 44% in the UK to 74% in Africa). The study, conducted amongst 4,500 IT professionals from 83 countries, many management level and above, illustrates that organisations view people as a high risk. Additionally, bring your own device (BYOD) is a phenomenon that most are still grappling with. Corporate data travelling across geographical boundaries also poses a serious threat to an organisations security posture.


Speaking about the trends the study reveals, Ramss Gallego, international vice president of ISACA and security strategist for Dell/Quest Software said, The information world is changing at the speed of light and this study confirms that many are struggling to keep paceespecially when it comes to managing their risk. The organisations perimeter is blurring, as it shifts from a physical boundary to wherever an individual happens to be at any given moment, with whatever device happens to be in their hand at the time. For example, if I travel to Singapore or Chicago with a corporate-owned laptop, my smartphone and tablet, I take the organisations perimeter with me. Organisations must embrace BYOD, as its the way people want to work. And, while BYOD sounds like an invitation to bring a personal device, the truth is people are using their devices whether the organisation wants them to or not.

The loss of a work-supplied computer or smartphone was also identified as a high risk (scoring between 56% and 88%), and the use of online file-sharing services for work documents also featured highly (between 60% and 76%). Interestingly, when looking at what enterprises do and do not allow, many actually prohibit the use of online file-sharing services (ranging from 56% to 67%); although, Oceania and Africa seem to be more tolerant of this trend, (47% and 49% respectively).

Many of the organisations surveyed said they limit using a work-supplied device for personal use (ranging between 45% and 61%), while the harder stance of actually prohibiting personal devices for work purposes fluctuated widely (between 16% in Oceania and 40% in the UK). There was a greater consensus amongst respondents that the risk outweighs the benefit from BYOD, where employees are allowed to use personal devices for work activities, scoring between 47% and 60%.

Where respondents confirmed that BYOD was allowed within their organisation, the most frequently cited benefits across all regions were greater efficiency, increased productivity, cost reductions, and satisfaction of and flexibility for employees.

However, security controls imposed for personal devices were worryingly low, as less than half of respondents confirmed that encryption was used to protect data stored on them (the highest score of 48% was in Europe). While password management systems scored slightly higher (the highest being 50% in Africa), it still averaged less than half with some regions scoring significantly lower dropping to just 39% in the UK. Perhaps a little more reassuringly, although still scoring poorly and less consistently, was the percentage of organisations that had remote wipe capability for personal devices (varying between 23% and 46%).

Another interesting result is the lack of controls surrounding the practice of travelling with business data on a mobile device, irrespective of ownership, across country borders (on average two thirds of the organisations surveyed do not have a policy to prohibit this). With many countries re-examining their data privacy lawsGermany being a recent examplethis is set to become an issue organisations need to address, and quickly. The use of location-based apps (e.g. Foursquare) may be beneficial in knowing where employees are; however, individuals may be less receptive to the prospect of being tracked. At present, the majority of organisations do not have a policy in place governing the use of these apps, with less than 12% prohibiting their use for all staff.

While the greatest hurdle enterprises faced when addressing IT-related business risks varied across the regionsbudget limits, lack of management support and insufficient resources were cited most oftenall regions concurred that increasing risk awareness among employees was the most important action the enterprise can take to improve IT risk management.

Gallego stated, In summary, the barometer results demonstrate that employees need to understand their responsibilitieswhat they can and cannot do and what devices are acceptable to do it with. And, organisations need to take control if they are to manage the risk posed to the enterprise from mobile devices, regardless of ownership. The bottom line is protecting data, and ultimately the brand. For many, this may mean the capability to remote wipe devicesregardless of ownershipwhen a serious risk is inevitable, either because the device has been misplaced, local legislation is breached, or alternative ramifications introduced as deemed appropriate. Organisations must develop the right approach, dependent on their attitude to risk, that allows them to embrace and adapt.

To view the full results of the survey, and find out more about ISACA, visit www.isaca.org/risk-reward-barometer.

About the 2012 IT Risk/Reward Barometer The annual IT Risk/Reward Barometer helps gauge attitudes and organizational behaviours related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behaviour at peak seasonal times.

The study is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 159 members in the UK. A separate online survey was fielded among 1,000 UK consumers by OnePoll from 23-25 October 2012. To see the full results, visit www.isaca.org/risk-reward-barometer. About ISACA With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations. ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center Follow ISACA on Twitter: https://twitter.com/ISACANews Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial Like ISACA on Facebook: www.facebook.com/ISACAHQ Contact: Kristen Kessinger, +1.847.660.5512, news@isaca.org Neil Stinchcombe, Eskenzi PR, +44 20 71 832 833, neil@eskenzipr.com ((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to info@m2.com)).

(c) 2012 M2 COMMUNICATIONS

[ Back To SIP Trunking Home's Homepage ]

Loading
Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner


Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.