BYO device ban a security risk: Citrix

BYO device ban a security risk: Citrix

Summary: Smartphones are set to overtake laptops as the most used personal devices in Australia in the next 12 months, prompting businesses to either embrace BYO devices as more appear in enterprise environments or run the risk of them becoming a security issue.

SHARE:

Smartphones are set to overtake laptops as the most used personal devices in Australia in the next 12 months, prompting businesses to either embrace BYO devices as more appear in enterprise environments or run the risk of them becoming a security issue.

Citrix engaged market research company Vanson Bourne to conduct a survey of 700 chief information officers from Australia, Canada, Germany, India, the Netherlands, the US and the UK between May and June as part of its Global BYO Index report. Australian CIOs represented 100 of the total 700 surveyed.

It found that laptops are currently the most used personal devices in Australia, according to 38 per cent of respondents, and smartphones follow closely behind with 32 per cent. In the next 12 months, however, it reported that these figures were set to change to 20 per cent and 42 per cent for laptops and smartphones respectively.

Citrix director of IT services, Pacific, Stuart Driver, said this changeover would result in smartphones becoming the choice of BYO device in the workplace.

"People are just more reliant on a smartphone device than they are on a laptop device these days," he said. "Everyone has a smartphone device and they're actually bringing it into the enterprise and figuring out how they can get access to the one or two corporate applications that they can get into."

Driver also noted that more Australian businesses were specifically adopting Apple's devices than in other countries surveyed.

"The amount of Apple as a personal platform of choice in Australia was much higher than each of the other six markets. That was quite a significant difference — about 20 per cent higher here than it was in other markets."

The report also confirmed the continuing trend for consumer devices to be introduced into the workplace. More than 90 per cent of respondents are aware of employees bringing in and using their own devices for work-related tasks, while 74 per cent of the remaining 10 per cent that aren't seeing this behaviour expect it to become common place within two years.

Driver said that while security is a major concern, taking an "iron fist" approach was not the way to deal with the issue.

"The reality is, it's already happening now, you might be able to stop some of it, but you're not going to stop all of it. You want to embrace it, in my opinion, and make sure it's not 'underground'," he said, referring to users who persistently attempt to connect their devices to corporate networks even at the expense of security.

In particular, Driver said businesses should use the trend as a competitive advantage for recruitment, especially for Generation Y and younger graduates who have grown up being able to use whatever device they've wanted.

"Schools have been [embracing] this for a long time from a student perspective where students connect in using mainly their own devices to get information, books, whatever it is they're working on," he said.

"Then these kids are coming out of school, they're then hitting the workforce at some point and it's like they're walking into an organisation where they've got these draconian lockdown, old-IT ways of doing things and they're going, 'What the heck is going on here? I used to have all this freedom to use my Mac and now you're forcing me down a Windows route or a locked-down OS that I can't do anything with and it's alien to me.'"

He said that if businesses were to embrace this trend, they needed to stop focusing on securing the devices and instead look at securing the communication channel between businesses and users. By using SSL (Secure Socket Layer) and VPNs (Virtual Private Networking) to secure communications, Driver said businesses could stop focusing on securing individual devices, which are constantly being updated with new operating systems or new models of hardware.

Suncorp, one of Citrix's customers, is one company that has recently done just that, allowing its employees to use whatever devices they want.

"The CIO there [Jeff Smith] has basically taken the same line we have: I can't add any value to the device [but] it doesn't matter to me — I can deliver everything that needs to be delivered to the device without actually managing the device, so let's do it."

The development of policy will also become an important issue for businesses, with just under 40 per cent of the Australian businesses surveyed stating they already had BYO policy in place and this number is set to increase to 90 per cent by 2013. Many businesses remain cautious of BYO computing, with some CIOs stating that the thought of data leakage keeps them up at night. Likewise, the Bank of Queensland remains hesitant of moving to a virtualised platform and considered that BYO might not be appropriate for certain parts of its business.

However, Driver said that businesses that had already taken a desktop virtualisation approach to allowing its remote users access to their business networks were already prepared for a hands-off approach to securing its employees' BYO devices and setting policy needn't be difficult.

"[Suncorp's] actual BYO policy is just an extension of their virtualisation strategy. The way I see it, the virtualisation strategy leads on to things like BYO or the ability to do offshoring safe and securely," he said.

It is the same approach to virtualisation that has enabled Dimension Data to kick off its BYO device trial earlier this month.

Globally, the report found that two thirds of those surveyed had already, or planned to, invest in desktop virtualisation, and, of those, 59 per cent had done so specifically to enable BYO.

Topics: Apple, Mobility, Outsourcing, Security, Virtualization

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Regrettably, the heading doesn't really convey the true nature of the problem. The security issue will arise because users disregard all security policies by using their own devices, even though they are not secure. This is an issue with the user, not with the policy which bans BYO. In an organisation which makes its users aware of all security factors, and where the users are aware of the ramifications of breaching policies (both to themselves and to the organisation), there wouldn't be a security issue. Sure, some users might be a bit more disgruntled because they can't use their favourite toy, but you would have to seriously consider if you want them working for you in any case.
    It is an interesting observation to suggest that having a locked down IT environment is draconian and old fashioned - seems to me, that in today's world of ever increasing hacks and security issues, a locked down IT shop is very much up-to-date, and the lack of security and responsibility evident at home and Uni should be a thing of the past. Changes in security levels should be driven by advances in security capability, not by the demands of the workforce.
    saalbach1