Mobile Devices - Risks & Rewards

New ISACA Survey Highlights Concerns About 'BYOD'

By , June 3, 2011.
Mobile Devices - Risks & Rewards
Read Transcript

What's the top threat on the minds of global IT leaders? Employee-owned mobile devices - or BYOD (bring your own device), as the trend is known. The struggle: Do mobile device benefits outweigh the organizational risks?This is one of the headlines from the 2011 ISACA IT Risk/Reward Barometer, an annual survey that helps gauge current attitudes and organizational behaviors related to the risks and rewards associated with IT projects and emerging trends. The latest study polled 2,765 IT leaders from around the world, including 712 respondents from the US.

"We're seeing a lot of work going on with the 'bring your own device' conversation," says John Pironti, an ISACA adviser. "A lot of organizations are obsessing and analyzing whether that's a good idea. The obvious benefits: They can get access to the latest and greatest technologies without having to incur costs. The obvious concerns are, as we introduce these new capabilities, what are our abilities to properly secure them and align them with our risk profiles to make sure we're comfortable with them being used in the corporate environment?"

According to the survey, 58% of information technology leaders in the US believe that any employee-owned mobile device poses a greater risk to the enterprise than mobile devices supplied by the company. Yet 27 percent also say the benefits of personal devices outweigh the risks.

The top concern re: mobile devices, Pironti says, is that ultimately these machines are the property of the end users. "Even if we put in great applications and controls, the end user still has the authority to remove, modify or change those devices," he says. "It really comes down to: Can we properly account for data being used on those devices, and can we properly secure them for usage in our environment."

In an exclusive interview about the study's results, Pironti discusses:

  • This year's top headlines, including cloud computing trends;
  • Tips for organizations looking to get a handle on emerging technologies;
  • How organizations should analyze the Risk/Reward Barometer.

Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP, is an adviser for ISACA and president of IP Architects. He has designed and implemented enterprisewide electronic business solutions, information security programs, and threat and vulnerability management solutions for global clients in a range of industries, including financial services, government, hospitality, media and entertainment, aerospace, and information technology (IT).

Previously, he was chief information risk strategist at Archer Technologies and CompuCom, and a principal enterprise solutions architect and principal security consultant for Unisys Inc. He has also held technical and management positions at AT&T and Genuity Inc. Pironti is a published author and writer, is frequently quoted by business and technology media outlets, and is a speaker at industry conferences on e-business and security topics.

Follow Tom Field on Twitter: @SecurityEditor

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Unencrypted Devices Still a Breach Headache

A new report of a data breach involving hard drives and a laptop stolen from a car in Indiana calls...

Latest Tweets and Mentions

ARTICLE Unencrypted Devices Still a Breach Headache

A new report of a data breach involving hard drives and a laptop stolen from a car in Indiana calls...

The ISMG Network