Bring Your Own Device (BYOD) may be a growing phenomenon in the global enterprise sector, but the new module isn't seeing much acceptance in India. According to a recent survey conducted by Information Systems Audit and Control Association (ISACA), India ranks top among the countries where enterprises do not allow employees to use their personal devices for work.
The survey says: "India stood first among its global counterparts in prohibiting BYOD, with nearly half (46 per cent) of Indian enterprises successfully deploying a BYOD policy to prohibit the use of personal mobile devices for work to mitigate the risk to the enterprise.” India is followed by Europe (39 per cent), China (30 per cent) and the US (29 per cent).
Another interesting finding of the survey is that even the IT professionals in the country aren't keen on BYOD policy. About 56 percent of the Indian IT professionals taking part in the survey opined that the risks of BYOD surpassed the benefits. Moreover, when it came to security controls for employees' personal devices, about 47 percent of Indian enterprises acknowledged deploying password management controls.
“The survey results are an eye opener and present an interesting dichotomy from the governance of IT perspective of Indian enterprises compared to its global counterparts. It is always a challenge to retrieve an enterprise’s data when an employee who uses a personal device for work purpose leaves the company. It is imperative to structure a clear policy for BYOD,” says Avinash Kadam, CISA, CISM, CBCP, CISSP, GCIH, GSEC, PMP, ISACA India Task Force advisor.
The ISACA survey has come up with some interesting trends on the company policies about personal use of work devices. About 58 percent Indian respondents said their enterprises barred access to the social networking from a work-supplied device – highest as compared to China (33 percent), Europe (30 percent) and the U.S. (32 percent).
Additionally, 45 percent of Indian respondents reported that their enterprise prohibits its employees from shopping online through work-supplied devices, while enterprises in Europe (21 percent), the U.S. (20 percent) and China (19 percent) are more permissive.
“The survey highlights that there is need for enterprises to educate and create awareness about IT risk, as a third of the respondents felt that the business heads are not fully engaging in risk management, ” Kadam concludes.