10:03 PM
Connect Directly

Gen Y Blows Off Mobile Security Policy

Twenty-somethings worldwide expect to BYOD, and most say it's a right, not a privilege

Twenty-somethings expect to be able to BYOD to work: One in three say they would disregard their company's security policy if it forbade them to use their personal mobile devices at the office.

A survey conducted by Vision Critical on behalf of Fortinet between May 31 and June 12 asked more than 3,800 fully employed 20- to 29-year-olds worldwide with their own smartphones, tablets, or laptops about their views on bring-your-own device (BYOD) trends. About 75 percent of them say BYOD is commonplace, and 55 percent say using their mobile device at work is a "right" versus a "privilege."

Some 36 percent said they either have or would break company policy banning BYODs, and 30 percent also say they have or would do the same for any unapproved applications at work. Nearly 70 percent say they are interested in creating and running custom apps at work.

The draw of BYOD is access to text messaging and social networks, the survey found. Around 35 percent say they use social media every day, and 47 percent use SMS.

Interestingly, 42 percent of the Gen-Y users say BYOD's biggest risk to an organization is data loss and exposure to malicious cyberthreats. And 66 percent say they are responsible for the security of their devices, not their companies, while 22 percent say it's their companies' job.

Patrice Perche, international vice president of international sales and support for Fortinet, says the survey shows the big challenges for organizations trying to balance BYOD and security. “While users want and expect to use their own devices for work, mostly for personal convenience, they do not want to hand over responsibility for security on their own devices to the organization," Perche says. "Within such an environment, organizations must regain control of their IT infrastructure by strongly securing both inbound and outbound access to the corporate network and not just implement mobile device management or ‘MDM.’”

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Senior Editor at She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
7/30/2012 | 7:13:08 PM
re: Gen Y Blows Off Mobile Security Policy
I agree. Since whenit it your right to use the corporate network as you please or to put the company's asset at risk for your convenience?
User Rank: Ninja
6/30/2012 | 11:32:15 PM
re: Gen Y Blows Off Mobile Security Policy
People are going to do whatever is convenient and allows them to get their job done. But a "right?" I think that's going a bit too far.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.