RSA 2014: 'BYOD is not going away'

Speakers at this week's RSA Conference in San Francisco stressed that the Bring Your Own Device (BYOD) trend is changing - not ending.

ICO sparks debate on BYOD security
ICO sparks debate on BYOD security

Coming on the back of reports of companies returning to corporate deployments or even embracing Choose Your Own Device (CYOD) schemes, SCMagazineUK.com spoke to Good Technology CTO Dr Nicko Van Someren and Domingo J. Guerra, president and co-founder of mobile security start-up Appthority, to gauge the state of BYOD in business.

Van Someren, the former chief security architect at Juniper Network and also ex-CTO of nCipher, was keen to point out that BYOD isn't going away, and instead will be just one of many different deployment models for embracing mobile devices in the workplace.

He added that businesses have gradually shifted from initially wanting email access on their personal mobile devices, to now using them to run fully-functional applications for specific lines of business.

“It's been a bit of a journey – they started out with calendar, then email and now they want to open attachments and apps suitable for lines of business,” he told SCMagazineUK.com in a meeting just outside the Moscone Convention Centre.

“We see [the trend] going from this initial push of ‘let's get data out and in a way we can control' to moving to mobile-first.” Guerra, of Appthority, added that he too is seeing a mobile-first approach with enterprises starting to roll-out a handful of custom apps into their enterprise application stores.

Indeed, with a third of all workplace devices expected to be personally-owned by 2018, Van Someren is adamant that BYOD is now mainstream, with many businesses realising its value.

“There's going to be a wide spectrum of deployment models – BYOD is not going away, plenty of enterprises recognise the value to capex, that users like their devices and that they check their work email more often.”

But managing this via MDM tools has become too cumbersome, says Someren. “The buzzword for many years has been MDM, but the problem with it is that it has the wrong D. Mobile Device Management is a very blunt tool and the underlying problem here is data management.

“Device management might be part of it, but it's not the entire holistic solution.”

Appthority's Domingo J.Guerra added in an interview with SCMagazineUK.com that while some industries – and countries (he notes Germany as having stringent privacy laws) are backing away from BYOD, it is merely one choice of many in IT's arsenal.

A bigger issue however – he notes – is that whitelisting and blacklisting apps is becoming increasingly difficult in an age where top apps come and go in a short space of time.

“We analysed the top 100 apps on the App Store and found that 57 of them had disappeared [from the charts] within six months. There's not a lot of sticking power and white lists don't work for very long.”

As a further concern, Guerra said that there's “confusion” over ever-changing terms like MDM, Mobile Application Management (MDM) and Enterprise Mobility Management (MDM).

Malware threats live large

But defence is just one side of the coin for mobile security, as evidenced at the RSA Conference where speakers talked often of the rise of mobile malware.

Trustwave's Neal Hindocha demonstrated how hackers can track "touchlogging" on iOS and Android devices – even those which haven't been jailbroken or rooted – while reports outside of the show from FireEye and Kaspersky detailed cyber criminals increasing focus on attacking mobile platforms.

In a brief exchange with SCMagazineUK.com at the San Francisco conference, Lookout Security researcher Marc Rogers detailed how mobile malware is changing. And while he said that cyber criminals often go for the ‘long-hanging fruit', he added that they will do anything to get their hands on personal data.

“Bad guys are already targeting devices for data, we know they have been targeting laptops for a while because a laptop with data is worth more on the black market than the hardware itself. The same thing has now happened to smart devices. A smartphone with data is worth 3 times its price on the black market without data.”

Larry Ponemon, founder and analyst at the Ponemon Institute, touched on this recently in an interview with SC.

“I believe the insecure app problem will get much worse in terms of stealth and sophistication of mobile malware,” he said via email. “This problem is exacerbated by the BYOD movement. Despite the predicted rise in mobile risk, I don't have much faith that end users will proactively defend their smartphones or tablets from criminal attacks.”

Sign up to our newsletters