IT Security Risks Consumerization Leaves Today’s IT Departments Vulnerable

As the proliferation of cool new smartphones, netbooks and tablet computers continues both at home and within the workplace, many IT departments are being required by business stakeholders to bend to the influence of their users when it comes to the important decisions around technology adoption. In enterprises where standardized equipment used to be the only equipment available, users have made inroads with Apple iPhones, non-standard netbooks, iPads and even Android-based smartphones. Soon the Cisco Cius Android-based tablet computer will make its debut, offering yet another device for IT to secure. And HP is planning a number of devices for the enterprise based on the WebOS platform operating system that it got as part of the Palm acquisition. It all makes for a diverse bunch of devices. But are the risks of supporting so many different, non-standard devices being properly assessed as IT strategies are changed to account for user expectations? RSA recently commissioned a study of 400 senior IT and security leaders conducted by IDG Research Services to find out more on the matter. Here’s what they found.

76 percent of security and IT leaders believe user influence on decisions to acquire devices and applications is on the rise.

More than 60 percent of respondents report that users have some input regarding the types of smartphones purchased.

20 percent say that they let users decide which smartphone they use.

52 percent of organizations allow users to provide input on or make decisions about netbooks.

50 percent involve users in computer tablet decisions.

35 percent of businesses involve users in decisions regarding desktops.

47 percent of them allow users input into laptop purchase decisions.

A little over a quarter of those surveyed say their organizations allow employees to use personal computers or mobile devices for work.

The majority of IT leaders say their companies have policies regarding connection of personal devices on the network, but almost 60 percent reported unauthorized connections still occur.

23 percent of organizations have experienced a serious security incident or breach due to the connection of a personal device on the network.

More than 80 percent of companies now allow some form of access to social networking sites.

Of those companies, 62 percent use social networking for external communication with customers and partners.

About 63 percent of those surveyed believe that devices such as notebooks and smartphones, as well as applications in the social media realm increase user productivity.

But only 11 percent are very confident that they have the right level of security in place to account for the increased access provided to these consumer devices and apps.

Just under a quarter of companies have a way to calculate the risks associated with consumer technology before using it for business purposes.

38 percent say they assess risks in some cases but have gaps in their strategy.

Approximately 40 percent of those surveyed don’t calculate the risks at all.