Building defences for BYOD
Building defences for BYOD
The insatiable consumer appetite for technology and the proliferation of mobile devices in people's personal lives has driven enterprises to adapt their ways of working.
As mobile technology becomes more powerful at increasingly lower costs, its accessibility to consumers grows, which in turn has led to consumers using more powerful mobile tools in their personal lives than they do in the office. Ofcom now states that two in five UK adults now own a smartphone.
As a result, the employees of today are becoming increasingly demanding, pushing employers to permit them to bring their own technology into the workplace. Likewise, users with corporate-provided devices are also pushing for more freedom, such as being able to access social networks.
With this in mind, the notion of using personal devices in business rather than having two separate devices is understandable. If an employee has a device capable of all the functionality needed to do business, then surely the most cost effective and efficient option for the business is to let them use those devices for business.
Indeed, a recent Frost & Sullivan report found that 53 per cent of respondents allow employees to connect their personal devices to their networks. Yet BYOD (bring your own device) has some challenges to overcome before it is a trusted business model – not least security.
Acknowledging security concerns
Despite the benefits of BYOD, security professionals are concerned organisations remain unprepared for the risks of the trend. That same Frost & Sullivan report found that 78 per cent consider BYOD to present a 'somewhat' or 'very significant' risk.
This concern centres largely on the fact that, if people are using their personal devices to access business data, then such data could be put at risk. Indeed, BYOD has resulted in data breaches as evidenced by study a Decisive Analytics showing nearly half of firms supporting BYOD report data breaches.
Examples of the security risks include the fact that, if an employee uses a smartphone to access the company network and then loses that device, untrusted parties could access unsecured data on the phone. Another type of security breach could occur when an employee leaves the company. As they are using their own devices, they do not have to return it, so business applications and other critical data may still be present on their device and therefore at risk.
Another area to be aware of is the on-going rise of malware. The risk of a device being infected with malicious software is something organisations cannot afford to ignore, so mitigating against this is crucial.
Despite the potential risks, the rise of mobile and the need for businesses to be as cost-efficient and productive as possible means BYOD will not disappear. Instead, we need to look at ways of improving the BYOD model – allowing employees to use their own devices without compromising security.
Suring up defences
There are many measures businesses can take to improve security and therefore enable them to adopt BYOD and improve business efficiency. The real challenge however, is to improve security without compromising the rich features afforded by smart devices. It was this need that drove RIM's own development of the BlackBerry 10 platform and BlackBerry Enterprise Service 10.
There are some basic steps to take. For example, businesses should ensure the operating system on devices is designed to protect against security threats. This will act as a first line of defence to ensure websites and apps being accessed do not pose a threat to business data. Encryption of data at rest is another vital defence that all businesses should be utilising.
The key to securing business data is to ensure IT teams are able to manage each device from a central hub. This does not mean controlling what users are doing on devices, it is about assessing and maintaining the security of each device at all times. By gaining a real-time view of device performance from a central dashboard, IT teams or security managers can ensure a secure posture is set on a device, with the proper policies applied and applications pushed, before a problem presents itself.
Such management and control also allows enterprises to remove business data from devices when an employee leaves, or that device is lost – therefore addressing a major BYOD concern.
The future of mobile device management is intrinsically linked to how well businesses can implement BYOD. The fact is, it is more efficient for businesses, and for end-users, to have one device for business and play.
Security remains a significant concern but if organisations combine basic security measures with improved control and management, then security becomes the enabler to allow businesses and their employees to benefit from the BYOD model as the mobile boom continues.
Mike K Brown is vice president of security product management and research at Research in Motion