CIOs in India Wary of BYOD

Bangalore: Indian CIOs are reluctant to grant their employees the pleasure of BYOD as security threats still loom large over theory head in spite of the breakthroughs achieved in desktop virtualization field. According to 2012 IT Risk/Reward Barometer survey of ISACA, IT professionals in India continue to remain resistant to the BYOD trend.

In fact, more than half (56 percent) reported that the risk outweighs the benefit. The survey also highlighted that India stood first among its global counterparts in prohibiting BYOD, with nearly half (46 percent) of Indian enterprises successfully deploying a BYOD policy to prohibit the use of personal mobile devices for work to mitigate the risk to the enterprise.

Regarding security controls for employees’ personal devices, nearly half (47 percent) of Indian enterprises reported deploying password management controls as a security layer, compared to China and Europe (44 percent) and US (42 percent). India registered lower interest on remote wipe capability (29 percent), which allows employers to erase the contents of an employee’s personal device as a security measure, compared to US (46 percent), China (39 percent) and Europe (37 percent).

Commenting on the survey findings, Avinash Kadam, ISACA India Task Force advisor, said, “The survey results are an eye opener and present an interesting dichotomy from the governance of IT perspective of Indian enterprises compared to its global counterparts. It is always a challenge to retrieve an enterprise’s data when an employee who uses a personal device for work purpose leaves the company. It is imperative to structure a clear policy for BYOD.”

Controls on Work Devices

The survey also unveiled some interesting trends regarding company policies about personal use of work devices. It was observed that 58 percent of Indian respondents say their enterprises prohibit access to social networking sites from a work-supplied device. This was registered as highest when compared with China (33 percent), Europe (30 percent) and US (32 percent).

Additionally, 45 percent of Indian respondents reported that their enterprise prohibits its employees from shopping online using work-supplied devices, whereas enterprises in Europe (21 percent), US (20 percent) and China (19 percent) are more permissive.

The survey highlights that 33 percent of the respondents felt that the business heads are not fully engaging in risk management and 21 percent said that the budget limits remain an issue to effectively addressing risk. At the same time, 39 percent of the Indian respondents felt that the situation can be improved by increasing risk awareness among employees.

“The survey highlights that there is need for enterprises to educate and create awareness about IT risk, as a third of the respondents felt that the business heads are not fully engaging in risk management, ” Kadam said.