Why Gen Y and BYOD Can Be a Security Nightmare

Vstock LLC | Getty Images

The 20-somethings of Gen Y are the first group to enter the workplace with the expectation that they’ll be able to use their own devices on the job (a phenomenon known as "bring your own device," or BYOD). More than half of them (55 percent), in fact, view using their device at work a "right" rather than a "privilege," a new survey shows. If you’re not careful in crafting security strategies to deal with this sense of entitlement, BYOD may turn around and bite you.

Like it or not, BYOD has become a fact of corporate life for these millennials, according to a survey of more than BYOD 3,800 users ages 20 to 29 conducted on behalf of Fortinet, a network security organization. Nearly three-quarters of this demographic, which represents tomorrow's management and decision-makers, already regularly engage in the practice of using their devices for work.

From a user perspective, the survey found, the primary driver of the BYOD practice is that individuals can constantly access their preferred applications, especially social media and private communications. The dependence on personal communications is strong, with 35 percent of respondents admitting they could not go a day without accessing social networks and 47 percent unable to last a day without texting.

That need for 24/7 connectivity, however, can create a sizable security risk for your organization. Even though these first-generation BYOD workers understand the risks that BYOD can bring, this awareness doesn't prevent these workers from bypassing corporate policies.

More than a third of survey respondents (36 percent) admitted that they have would violate a corporate policy banning the use of personally owned devices for work purposes. The same holds true for applications.

When asked about policies banning the use of nonapproved applications, 30 percent of respondents admitted they have or would violate policy.

The survey also hinted at the resistance organizations might face with regard to implementing security on an employee’s device. The majority (66 percent) of respondents consider themselves — not the company — to be responsible for the security of the personal devices they use for work purposes. This is three times the number who believes responsibility ultimately rests with their employer (22 percent).

"The survey clearly reveals the great challenge faced by organizations to reconcile security and BYOD," said Patrice Perche, international vice president of international sales and support for Fortinet. "While users want and expect to use their own devices for work, mostly for personal convenience, they do not want to hand over responsibility for security on their own devices to the organization. Within such an environment, organizations must regain control of their IT infrastructure by strongly securing both inbound and outbound access to the corporate network and not just implement mobile device management or 'MDM.' Organizations cannot rely on a single technology to address the security challenges of BYOD. The most effective network security strategy requires granular control over users and applications, not just devices."