This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
1. - Data protection in a mad, mobile world: Read more in this section
- Data protection management for all things mobile
- Podcast: Securing mobile endpoints and managing mobile data
- Data crunching made easy for cancer researchers
- Best approaches to mobile device and data protection
- BYOD security stymies CIOs, budgets not keeping pace
Explore other sections in this guide:
BOSTON -- Most CIOs today will admit that the concerns and pitfalls of the BYOD trend continue to be top of mind.
We don't want people to look at us as always saying no.
former Boston-area CIO
The release of the 34th annual SIM IT Trends Study was part of the IT Party 2.0 SIMposium here, where chief information officers (CIOs) and senior IT executives were asked to pick their three areas of greatest concern. Bring your own device (BYOD) was the fifth-highest concern among the 483 responses. But the 483 respondents listed BYOD as just the 21st-largest IT investment in their organizations.
The discrepancy for BYOD is that it takes a relatively small investment and carries a relatively big risk, according to Leon Kappelman, professor of information systems and director emeritus at the University of North Texas and lead researcher for the SIM study.
"Concern is probably not the word I would use to describe [the discrepancy]," Kappelman said. "What it points out to me is BYOD doesn't cost a lot of money; sometimes it saves you money. But it's a big worry. It's a big security problem. It opens holes everywhere."
Kappelman works with the North Texas Electronic Crimes Task Force, and a recent gathering included an FBI and Secret Service forensics expert who said BYOD "is just killing people, security-wise. It's just terrible."
In last year's survey, BYOD was seventh in IT organizational investment, but that question received 195 responses in 2012 compared with 483 in 2013. Kappelman said this was the first time the question was asked about the biggest concerns for CIOs.
BYOD security concerns linger
Kappelman led a panel that featured several current and former CIOs who discussed the findings in the survey. They expressed surprise over the BYOD and security discrepancies.
CIOs must do a better job of getting the funding to address these issues, said Sue Bergamo, the former CIO of a Boston-area email marketing company.
"We need to make sure we are shoring up those gaps and closing those holes," she said. "Our data is what's being taken."
The shortfall in funding for items such as BYOD and security can be caused by a CEO and a CIO that disagree on the same set of concerns, according to Janis O'Bryan, the former CIO and current senior vice president and chief administrative officer for Hudson Advisors LLC, a private equity firm based in Dallas.
"All of us want to be connected to data, including the CEO," O'Bryan said.
For O'Bryan, her company follows strict federal guidelines set by agencies such as the Securities and Exchange Commission and the National Security Agency, which address many lingering BYOD concerns.
Companies are setting up BYOD security policies, refreshing and replacing end-user hardware and investing in enterprise apps that can wipe data from BYOD devices, according to Bergamo and Kappelman.
"It's a real balancing act," Bergamo said. "We don't want people to look at us as always saying no, and embracing BYOD is part of it. But we always worry about it."
BYOD will happen whether IT wants it or not, and sometimes it's not worth the fight to keep it from happening, according to Bergamo.
O'Bryan said BYOD was a "tradeoff" between ensuring security standards and that the needs of the end user are met from a technology perspective.
"The business wants all these connections with BYOD, but that totally works against keeping the lights on, which is IT's table stakes," Kappelman said. "It adds to how complicated it is and how many moving parts there are."
Areas of concern higher than BYOD in the survey include analytics/business intelligence, security, disaster/recovery and cloud computing, respectively. As for other IT investments, analytics/business intelligence was first, cloud computing third, disaster/recovery 11th, and security 14th.
Other stats from the survey include enterprise application integration and legacy applications ranking as the seventh- and eighth-greatest concerns to CIOs, yet 20th and 17th, respectively, in terms of IT investment. Those areas were seen as relatively small investments with relatively big benefits, according to Kappelman.