Bringing one's own device to the workplace may be aiding productivity, but it has also emerged as a major area of concern for CIOs as they grapple to secure enterprise data on such devices, a study by Cisco and the Data Security Council of India (DSCI) today said.
The joint study titled 'Reinventing the Network in the Context of Security' found respondents saying that current generation of security capabilities implemented by companies can protect them from traditional threats.
"However, these might not be enough to address the ever-evolving threat landscape. Therefore, companies need to re-assess their security ecosystem and evaluate capabilities of next-generation security if they want to implement BYOD ( bring your own device) and mobility," Cisco India and SAARC National Manager (Borderless Networks Sales) Mahesh Gupta told reporters on a video conference.
The study interviewed security leaders and CIOs ( Chief Information Officers) from various industry verticals in the country and sought to understand the challenges of current security threats.
The study found that organisations as well as employees are embracing mobility because of improved employee productivity and enhanced user experience.
About 66 per cent of respondents said employees are encouraged to bring their own device to work and 44 per cent said employees are allowed to select and use a specific set of personally-owned devices.
Also, 64 per cent respondents indicated that there has been a rapid increase in requests for authorising access to mobile devices.
In this scenario, about 69 per cent respondents said managing policies and configuration of devices is a complex undertaking.
While 56 per cent of respondents said current solutions are ineffective in managing security of mobile, BYOD, and virtualisation, 43 per cent said capabilities for detecting and blocking attacks that detect known vulnerabilities are insufficient to address threats in the present scenario.
About 53 per cent said their existing solutions are incompetent to withstand sophisticated, targeted and persistent threats.
"The technology transformation driven by mobility, BYOD, virtualisation and cloud challenges the conventional security strategies in many aspects. The current capabilities are not sufficient enough and the survey confirms this," DSCI Director (Data Protection) Vinayak Godse said.
Threat and malware protection, quarantine of non-standard devices, enforceability of network policy on mobile devices, encryption of communication and data, and security scanning of mobile devices were key concerns for the protecting endpoints.
About 82 per cent said they wanted capabilities like authentication and authorisation of users based on who, what, where, when, and how including granular access capabilities.
The study also found 63 per cent respondents saying management of solutions will require additional skills and effort, adding to cost.