Beware of BYOD Wreaking Havoc

Friday, July 13, 2012

Michelle Drolet

E85787adcaf7bca10e799cfd1cfd08f1

Like it or not, the line between the workplace and the home is blurring. Work-at-home arrangements are becoming more common and cloud services make it easier to co-ordinate teams online.

People are constantly on call, with the ability to check their emails and stay in touch wherever they are.

The days of having a personal mobile and a work device are fast disappearing as the BYOD (Bring Your Own Device) trend continues to grow.

A recent SkyDox survey found that 77% of information workers use their personal smartphones or tablets for work. A whopping 88% report that they need the ability to access work related documents outside the office.

Allowing employees to use their own mobile devices for work can prove to be a real boost for productivity and it can also save companies a lot of money.

The downside to the BYOD movement is the difficulty of maintaining security. How do IT departments provide easy access to documents and files for a host of different devices and still ensure that sensitive material remains safe and workplace systems are not exposed to dangerous threats? How do they cope with lost or stolen devices? How can they safeguard company servers?

There is a clear need for the enterprise to establish a set of guidelines for the BYOD trend but it’s not clear how much control employees will accept when they are using their own devices. If a worker is issued with a company smartphone or tablet, then they are unlikely to question the company policy with regards to installing other applications or personal use of the device.

When the device belongs to them they will obviously expect to be able to use it any way they like and to be able to install whatever they choose.

Security concerns have been serious enough that a Cisco survey found that 48% of companies would not authorize BYOD. The problem is that “57% agreed that some employees use personal devices without consent."

Even if you don’t condone BYOD in the workplace you should still have a security policy in place. The risk of employees connecting to your networks and accessing sensitive materials is there and a Draconian crackdown on personal devices is not going to be well received.

The good news is that you can circumvent the threat by allocating the right resources in your IT department. Ensuring security and providing support for a multitude of devices is going to represent a hefty cost but you can offset by embracing the BYOD trend because you’ll no longer have to buy the hardware.

Protecting your sensitive data has to be the key aim and so you’ll need to monitor the flow of data in and out. You also need a policy for when employees leave because they’ll be taking the device with them. The ability to remotely wipe data is supported on all platforms with the right apps so it’s simply a matter of arming your IT staff with the right tools.

There are a lot of different ways to approach the problem. Combine a sensible approach to monitoring and support with some education on risks for your staff and you can reduce the impact on your business dramatically.

You may also consider mobile application management which focuses on securing the app or the data regardless of the device. This approach makes a lot of sense in the face of an increasingly mobile workforce.

The BYOD trend is universal and it represents a threat for businesses of all sizes. Since there is no wonder pill guaranteed to alleviate this headache each company should assess the risks and decide on a strategy that works for them.

By embracing the movement and pre-empting any problems you can increase employee productivity and job satisfaction. The key thing is to act because failing to spend a little time and effort on this now could cost you a great deal further down the line.

In brief, some best practices might entail:

  • Answer what happens to data when employee leaves?
  • Deploy centralized remote wipe of data from devices
  • Centralized storage options
  • Deploy data leakage prevention
  • Monitor use of BYOD
  • Educate users to the inherent risks

Cross-posted from Mass High Tech Copyright 2012

Possibly Related Articles:
10679
Enterprise Security
Information Security
Enterprise Security Application Security Data Loss Prevention Mobile Devices Information Technology Employees Policies and Procedures BYOD Mobile Device Management
Post Rating I Like this!
Default-avatar
Spencer Parkinson You mention mobile application management (MAM) as a method to meet the security challenges of BYOD and completely agree. The company I work for, Symantec, recently acquired Nukona, which makes MAM technology. The key benefit to a MAM approach to BYOD is that it enables companies to completely avoid device-level management and instead implement application-level management on user-owned devices. It does this by allowing enterprises to “wrap” each of their corporate apps and the data tied to them in their own security and management layers. This gives enterprises complete control of their apps and data while leaving the rest of the user-owned devices they are on and also users’ experiences with those devices untouched.

Spencer Parkinson
Symantec
1342592157
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.