Get your BYOD policies wrapped up by Christmas

Last Christmas, tablets were joyfully unwrapped by millions. In fact, a total of 17.4 million iOS and Android devices were activated on Christmas Day alone, according to a report by Flurry Analytics, and, of those, about half (8.9 million) were tablets. And for many consumers in the UK, this Christmas again is going to be the Christmas of the tablet. Manufacturers are pushing tablets as the must-have device for everyone in the family, whether it's a high-end iPad from Apple or the new cost-effective Hudl from Tesco. What does that mean for the enterprise? It means an influx of new devices coming onto our network because you can bet your life they won't be staying at home. 

For the IT security team this has the potential to be a real headache as they count the ways the BYOD trend complicates one of their primary duties – data protection. As the transition away from desk-bound computers to laptops, tablets and smartphones gathers pace, it's no surprise that hackers are choosing mobile devices as their next target. It makes economic sense and they are simply 'following the mobile money'.

The issue with employee-owned mobile devices is that they access corporate resources outside of the control of the corporate IT function. This means it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, and the operating systems and applications.

In addition, mobile malware is growing rapidly, which further increases risk. According to US authorities, 79 percent of malicious attacks on mobiles in 2012 occurred on devices running Google's Android operating system. Given the lack of even basic visibility, most IT security teams certainly don't have the capability to identify potential threats from these devices.

However, despite these pitfalls, I wouldn't advocate banning BYOD strategies outright. I believe that in order to gain the information security advantage in a mobile world, IT security professionals must be able to see everything in their environment, understand whether it is a risk and then protect it. For most enterprises, the right solution is to implement BYOD policies that clearly define the proper use of employee-owned devices in the enterprise.

Here are a few steps enterprises can take to help maintain control of their network.

• First, identify technologies that provide visibility into everything on the network – devices, operating systems, applications, users, network behaviours, files as well as threats and vulnerabilities. With this baseline of information they can track mobile device usage and applications and identify potential security policy violations.

• Second, enterprises should leverage technologies that help apply security intelligence to data so that the company can better understand risk. From there, it's possible to evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets.

• Third, identify agile technologies that allow the company to adapt quickly and take action to protect systems in rapidly changing mobile environments. Enterprises need to create and enforce policies that regulate what data can be transmitted to BYOD users.

• For employee-owned devices, it may be useful to lock down your organisation's network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their tablet while travelling. While IT teams may not be able to limit the installation of an application on the device, they can prevent it from running on corporate-owned computers.

There's no doubt that adoption of mobile devices in the workplace presents a challenge that is as much a question of policy and control as it is of technology alone. However, according to analyst firm TechMarketView, BYOD is here to stay, with more than 10 million UK employees predicted to be using personal devices in the workplace by 2016. And in today's increasingly mobile enterprise, where BYOD is becoming the norm, organisations need an increased level of IT security intelligence that allows them to identify risky behaviour and applications on employee devices, so that they can take measures to protect corporate assets.

Contributed by Leon Ward, Director of Product Management, Sourcefire (now part of Cisco)
