BYOD - The Landscape and Security Risks that a CIO should consider
Posted on Apr 02, 2012
Over the past couple of years, one of the biggest shifts that internal IT has experienced has been the move towards BYOD (Bring Your Own Device). Nowadays people can’t go more than five minutes without using their mobile devices to check email, Facebook or their favourite app. As a result, increasing numbers of employees are bringing their own smartphones and tablets to work, and for internal IT this presents many challenges.
A couple of these challenges are how organisations protect themselves from harmful malware and how they protect their business-critical data from being stolen or falling into the wrong hands. It’s a major challenge that many CIOs and internal IT departments are struggling to address because the devices are developing considerably faster than the security solutions to protect them.
The rise in BYOD is in part born out of workers’ requirements to work from multiple locations and to gain access to real-time information. It’s a wave of change that appears to be pretty relentless, and much of the industry discussion surrounds managing it, as opposed to suppressing it.
From our viewpoint, many of the problems occur because users treat their mobile devices as disposable products and don’t consider or realise the rich volume of detail that these devices contain about their daily lives and identity. Many protect their devices using PIN code entry, but rarely do they use third-party mobile security solutions. We’ve never quite understood this relaxed approach, since a recent report highlighted that 90% of people acknowledge that they wouldn’t go online using their laptop without a firewall or anti-virus solution in place. So why is there such a relaxed approach when many individuals are spending just as much time online on their mobile devices, if not more? The fact is that, without anti-virus or firewall protection on your smartphone or tablet, your device is just as likely to contract a piece of malware as your laptop.
It seems that a lack of education is fuelling users’ ignorance of the threats that they face, and until there is a widespread virus or security threat to mobile devices, consumers are unlikely to act. Instead, I think the onus remains on the ‘experts’ within companies to create and enforce policies that give their organisation adequate security protection. However, this doesn’t mean banning BYOD but instead embracing it and providing the appropriate tools to help users protect themselves and their organisation.
So what are some of the solutions?
Well, the most obvious and simple solution is for an organisation to try to enforce PIN protection on devices, but security software companies such as McAfee are beginning to release products into the marketplace. For example, they announced the launch of an enterprise mobility management product at the recent Mobile World Congress in Barcelona. Some of its features include sandboxing for email on iOS, blocking of iCloud backup, and application blacklisting for Android and iOS. Another important strand, as touched on above, is to ensure, as much as possible, that your employees are educated on the risks of BYOD to the organisation and on their responsibilities in protecting it.
At brightsolid, we take security very seriously, and any devices accessing our data have to support enforceable device-level encryption. Additionally, all access to information other than email is via a secure VPN connection, which is available on all mobile and desktop platforms.
The security risks around BYOD are likely to be an increasingly topical area and one that we will continue to watch very carefully. If you have any thoughts on this area then we would be delighted to hear them. Please share them by leaving a comment below or connecting with us via Twitter @brightsolid_tec