This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

BYOD: Protect the device, or the data?

Share this article:

The BOYD focus should be on securing data wherever, rather than being preoccupied with specific devices recommends Dr. Paul Steiner

BYOD: Protect the device, or the data?
BYOD: Protect the device, or the data?

The rise of BYOD and its rapid propulsion of mobile devices into the global workplace has created an entire new industry of mobile device management (MDM) solutions designed to protect corporate devices and the information now living on them.

However, this line of corporate thinking and purchasing is flawed for a few reasons. Yes, there are several security factors surrounding the device, such as a lost phone, but an employee could access information from any number of devices. Will they secure each and every one? Businesses should be more concerned about protecting the actual company data, regardless of which device it's accessed from. This poses an interesting security question that many businesses are grappling with – do we protect the device, or the data?

BYOD poses many security concerns; if left unmanaged, they can impact your network availability and cause data loss. According to Gartner, more than half of all global employees participated in a BYOD program in 2013; those companies that have opened up their doors to allow corporate data access on any device will need the right network access strategies and data policies in place to secure their environment and proprietary content.

The key to a secure BYOD-enabled enterprise is having well-managed content, but there are obviously several ways to go about this. There are three key security concerns that companies should consider as they navigate BYOD territory:

·        Where data sits and for how long: When data is in motion it's at a higher risk of being hacked, no matter how strong the encryption levels used. Many public cloud solutions constantly sync content between all devices, putting sensitive corporate information at a higher risk of a breach. Also at higher risk of data leakage is public cloud storage, which many companies choose to use for mobile access. Public clouds co-mingle data, which means that your proprietary product information is mixing with a consumer's vacation photos. Before choosing a solution to support a BYOD program, companies should consider looking at private cloud architecture, so that data is only synced when an employee chooses to sync, and when data is at rest it remains inside the corporate network.

·        Access permissions: A crucial element of implementing a BYOD policy is establishing how users can access your network from their personal devices. Many companies integrate their LDAP or Active Directories into this process to ensure that only authorised employees are accessing data. For instance, just because a marketing employee can access the network from a mobile phone, doesn't mean they should be able to open HR documentation – all established information access protocols need to be left in place, no matter the device

·        Authentication methods: Approving any number of new devices to access a network requires updated authentication methods. Whether this is done through a protocol like Kerberos or through password-authenticated key agreements is up to each individual enterprise. Businesses that are especially serious about their security are creating triple-layer architectures so that the web, app and data layers all have their own authentication tokens, dramatically reducing the risk of data loss, no matter how many devices are accessing the network.

BYOD security concerns aren't going to disappear. In fact they'll only continue to grow – two-thirds of the mobile workforce will own a smartphone in 2016, and 40 percent of the workforce will be mobile, according to Gartner. Companies need to decide what asset they'll protect first with their BYOD policies – the device or the data – and move to do so immediately. My personal choice is to secure my data, so it's protected across all devices. What would you do?

Contributed by Dr. Paul Steiner, GM of EMEA, Accellion

Share this article:
close

Next Article in Opinion

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in Opinion

G-Cloud - Using SMEs without hurting government security

G-Cloud - Using SMEs without hurting government security

Moves to increase SME participation in government IT tendering drew criticism, but Peter Groucutt explains how G-Cloud has helped reduce security concerns as one of the objections

How do you stop an Energetic Bear?

How do you stop an Energetic Bear?

Companies must think like a hacker and commit to penetration testing to protect themselves from data breaches, says Chema Alonso.

Is your app secure? Probably not

Is your app secure? Probably not

App vulnerabilities need to be thought about holistically, so the network and database in which they reside also need to be considered says Josh Shaul.