- Nearly half of the companies in India have security policies that prohibit BYOD
- 33% of IT professionals say business heads are not fully engaging in IT risk management
Mumbai, November 14, 2012: ISACA, a nonprofit global association of more than 100,000 IT audit, security, risk and governance professionals, today released findings from its 2012 IT Risk/Reward Barometer survey. The annual survey reports how Indian enterprises approach “bring your own device” (BYOD) for their employees and the use of work-supplied devices, set against global results.
Controls on Personal Devices
IT professionals in India continue to remain resistant to the BYOD trend. In fact, more than half (56%) reported that the risk outweighs the benefit. The survey also highlighted that India stood first among its global counterparts in prohibiting BYOD, with nearly half (46%) of Indian enterprises successfully deploying a BYOD policy to prohibit the use of personal mobile devices for work to mitigate the risk to the enterprise. This trend was followed by Europe (39%), China (30%) and US (29%).
Regarding security controls for employees’ personal devices, nearly half (47%) of Indian enterprises reported deploying password management controls as a security layer, compared to China and Europe (44%) and US (42%). India registered lower interest in remote wipe capability (29%), which allows employers to erase the contents of an employee’s personal device as a security measure, compared to US (46%), China (39%) and Europe (37%).
Commenting on the survey findings, Avinash Kadam, CISA, CISM, CBCP, CISSP, GCIH, GSEC, PMP, ISACA India Task Force advisor, said, “The survey results are an eye opener and present an interesting dichotomy from the governance of IT perspective of Indian enterprises compared to its global counterparts. It is always a challenge to retrieve an enterprise’s data when an employee who uses a personal device for work purpose leaves the company. It is imperative to structure a clear policy for BYOD.”
ISACA recommends an embrace-and-educate approach: embrace the technology and the value it brings, while ensuring ongoing and proactive education and training on security policies and risks. “ISACA recently published Securing Mobile Devices With COBIT 5 to help enterprises deal with this challenging issue. By applying COBIT to mobile device security, enterprises can establish a uniform management framework that helps them plan, implement and maintain comprehensive security for mobile devices. COBIT also provides guidance on how to embed security for mobile devices in corporate governance, risk management and compliance strategy, using COBIT 5 as the overarching framework for GRC
Controls on Work Devices
The survey also revealed trends in company policies on personal use of work devices. 58% of Indian respondents say their enterprises prohibit access to social networking sites from a work-supplied device. This was the highest figure when compared with China (33%), Europe (30%) and US (32%).
Additionally, 45% of Indian respondents reported that their enterprise prohibits its employees from shopping online using work-supplied devices, whereas enterprises in Europe (21%), US (20%) and China (19%) are more permissive.
Non-involvement of business heads and budget constraints are the greatest hurdles for Indian IT companies in addressing IT-related business risk
The survey highlights that 33% of the respondents felt that business heads are not fully engaging in risk management, and 21% said that budget limits remain an issue in effectively addressing risk. At the same time, 39% of the Indian respondents felt that the situation can be improved by increasing risk awareness among employees.
“The survey highlights that there is need for enterprises to educate and create awareness about IT risk, as a third of the respondents felt that the business heads are not fully engaging in risk management,” Kadam said.
About the 2012 IT Risk/Reward Barometer
The annual IT Risk/Reward Barometer helps gauge current attitudes and organizational behaviors related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behavior at peak seasonal times.
The study is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 305 members in India. A separate online survey was fielded among 1,224 US consumers by M/A/R/C Research from 8–10 October 2012. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent.
With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Ketchum Sampark PR
Mr. Vikas Sahni, +91 98926 29404 firstname.lastname@example.org
Mr. Faizan Aboli, +91 98191 10224 email@example.com
Ms. Shruti Limaye, +91 98339 13417 firstname.lastname@example.org