Infotech Lead America: Global IT association ISACA has mapped BYOD trends among enterprises in Latin America and Canada.
Releasing findings from its 2012 IT Risk/Reward Barometer survey for Canada and Latin America, ISACA said Canada reports a cautious acceptance of BYOD in the workplace.
More than 60 percent of IT professionals surveyed in Canada reported allowing the use of personal devices for work purposes (31 percent freely allow, 30 percent allow with limits). However, more than half (54 percent) of the IT professionals surveyed say that the risk of BYOD outweighs the benefits, and 39 percent either do not have a formal security policy that addresses BYOD or are not sure if one is in place.
To help control BYOD risk, enterprises in Canada report having the following security controls in place: Encryption (43 percent); Password management system (42 percent) and Remote wipe capability (40 percent).
Thirty percent of respondents in Canada reported that their enterprises will lose US $15,000 or more in productivity as a result of an employee shopping online during work hours. More than one-quarter of respondents believe employees will spend the equivalent of more than a full work day shopping online in November and December using a work-supplied device, and 32 percent believe they’ll spend another full day shopping on a personal device during work hours.
According to the survey, despite being a buzzword, the BYOD trend is not well accepted among Latin American enterprises. The number of IT executives who believe BYOD risk outweighs the benefit has increased by 16 percent from 2011.
Despite respondents’ concerns, a significant percentage of the respondents (44 percent) said their company has not implemented an IT policy around BYOD.
18 percent said there is a policy in place that allows BYOD.
28 percent said there is a policy in place that prohibits BYOD.
10 percent were not sure if such a policy exists in their enterprises.
Companies that allow BYOD cite benefits such as greater productivity, higher employee satisfaction and cost reduction. Among the risks highlighted by the participants were saving their work passwords on a personal device or an employee losing a personal device with sensitive corporate information on it.
Some of the controls currently being applied by Latin American companies are key administration systems (44 percent), encryption (42 percent), and remote wipe capability (23 percent).
Regarding BYOD, ISACA said the enterprises that follow this trend need to take control and have a risk management strategy in place that includes the devices and the corporate information they have access to. Because BYOD is real and is becoming part of the daily operations of big, small and medium enterprises, ISACA recommends an “embrace-and-educate” approach: embrace the technologies, but educate staff on the benefits and risks and have a clear policy in place.
In fact, 32 percent of respondents said increasing risk awareness among employees is the single most important action their enterprises can take to improve IT risk management. The greatest hurdles to effective risk management were reported to be limited budgets (23 percent), and business management not willing to be involved in risk management (22 percent).