SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Are your employees putting your organisation at risk? Survey says 25% of employees bypassing secure VPN
Mon, 20th Jun 2016

New results have shown that as many as 25% of your workforce may be bypassing secure Virtual Private Networks (VPNs) to access the internet through their mobile devices.

Zscaler reports that more than 70% of Australian organisations' employees access enterprise business applications from a mobile device.

One in four of these organisations is being put at risk by up to 25% of staff who access content from the internet directly instead of through the organisation's own secure VPN.

The Zscaler report surveyed 100 chief security officers (CSOs) and found that 84% of organisations have used a VPN for remote access to specific business applications.

  • 36% of respondents also thought VPN was a concern because it provides employees with access to the entire corporate network
  • One third of CSOs have seen a marked increase of between 25%-50% in mobile device usage in the organisation over the last twelve months
  • 60% of these users are using their devices to use business applications more than 25% of the time
  • 54% of CSOs store 25% of business applications in the cloud
  • 25% of CSOs store between 25%-50% of applications in the cloud
  • The number storing more than 50% of their applications in the cloud is expected to grow to 28% in the next twelve months

These trends are driven by what Scott Robertson, Zscaler VP Asia Pacific and Japan, calls "consumerisation of the enterprise", as well as the trend towards cloud computing, mobile computing and threat evolution.

Mobile devices are a double-edged sword as they have brought forth security threats and attacks through the sheer number of mobile apps. This can be difficult for organisations to manage, Robertson says.

Robertson states that users can download unvetted apps that open up attack opportunities, and that there are also issues between personal privacy and corporate security across visible and non-visible platforms.

The apps may be connecting to botnets, downloading malware or exfiltrating data, without users ever being aware of what is really going on, Robertson says.

Robertson believes that PC-era security technology that is put on mobile devices is simply not enough for mobile security.

“True mobile security requires the ability to understand and classify mobile applications through traffic patterns, identify threats in real time and enable quick corrective action. Today's modern cloud security platforms enable businesses to embrace these innovations securely, while delivering a superior user experience,” Robertson concludes.