Just a few of the most common BYOD pitfalls
The demand for cyber security is on the rise, and with Verizon’s “2015 Data Breach Investigations Report (DBIR)”, showing nearly 80,000 security incidents, including 2,122 confirmed security breaches in 61 countries, the advancement in technology is a necessity. “All the more so as companies are now operating in a bring-your-own-device (BYOD) environment, which brings with it as many rewards as risks,” comments Anton Jacobsz, managing director at Networks Unlimited, South Africa's leading value-added distributor.
BYOD has been shown to enhance employee productivity due to its anytime, anywhere access, but it is exactly this scenario that has also made it necessary for organisations to both boost and enforce its data security parameters.
“Strategically all companies should adopt a BYOD policy in order to protect both themselves and their customers. Similarly, the latest trend of wearable technology needs to be acknowledged,” adds Jacobsz.
Networks Unlimited distributesFortinet, which brings secure solutions to a BYOD environment and whose Next Generation Intrusion Prevention System (NGIPS) earned the highest position of any vendor in the latest NSS Labs performance testing in April this year,introduces its white paper “Say Yes to BYOD”, by saying that BYOD is “another battle in the war between security and usability”.
The white paper states that end users - from the CEO down to line workers - want the ability to use personal devices for work purposes, their belief being that personal devices are more powerful, flexible, and usable than those offered by corporate.
Further, it says, “Organisations also look to capitalise on this trend by shifting maintenance costs to the employee, eliminating the standard-setting role of IT. Workers have discovered the power of constant connectivity and have come to expect secure access to their corporate network regardless of location. The promises of increased productivity and worker satisfaction have brought BYOD to the forefront of most IT discussions today. On the opposite side of this discussion is security. BYOD opens up numerous challenges around network, data, and device security along with blurring the lines of privacy and accessibility. Many organisations have tried a variety of approaches to allow for BYOD in their organisations, with limited success.”
The paper also identifies the challenges associated with BYOD and points out that although it provides a variety of advantages to organisations, ranging from improved productivity to increased ROI for IT departments who make the migration; a BYOD environment also lacks many of the traditional security controls that organisations have relied on to secure their data, leaving gaps in their data and device protection strategy.
Fortinet highlights the following “just a few of the most common BYOD pitfalls facing organisations today”:
Bandwidth and productivity drains: Many employees have found that mobile devices often do not have the same strict policy enforcement capabilities as desktop devices. This policy gap enables many employees to use their mobile devices to access video streaming and otherapplications that are denied by standard corporate policy. With mobile devices offering a way to bypass the limits normallyimposed on these applications and behaviours, users are putting a strain on the corporate network bandwidth and being lessproductive.
Data and device loss: With devices operating outside the confines of the traditional brick and mortar enterprise, the potential for data lossincreases significantly. The threats to mobile users include the risk of malware infection, inadvertent or malicious sharing ofcritical business data or even the devices being lost or stolen. Additionally, rogue wireless networks exist in the public withthe sole purpose of stealing unprotected data.
Attacks against mobile devices: Even mobile devices themselves are increasingly becoming the target of attack. Hackers have started to realise thepotential goldmine of data that exists within mobile devices and unauthorised app stores provide an easy means ofdistribution for mobile applications – some of which are not legitimate.None of these challenges are new, but in the past organizations have had the ability to lock down devices through policy orsoftware in order to ensure that users were following corporate policy. In a BYOD world however, organisations are limitedin their ability to force device and users to conform to corporate policies. As a result, several approaches to addressingBYOD have emerged.
Policies and products used to secure BYOD:In order to address the balance between usability and security, organisations are taking a variety of steps. While somedraconian approaches (such as denying all personal devices on the corporate network) might be warranted for extremelysecure organisations, most companies want to adopt a BYOD policy that offers some flexibility for users while enforcingcorporate policies and adopting best practices. In order to address these requirements, they are taking thefollowing approaches to addressing BYOD challenges through explicit policies, and technical controls including, virtual desktop infrastructure (VDI), mobile device management (MDM), endpoint security clients, and network-based enforcement.
“Gartner predicts by that by 2017, half of employers will require employees to supply their own device for work purposes. The right security solution will solve the challenge experienced by organisations to operate safely, more productively and cost effectively in this future business scenario. As for wearing technology, pundits and analysts have already coined the term WYOD. The proliferation of wearables is yet to come, and as in all technology scenarios, it is better to have a proactive than reactive approach,” concludes Jacobsz.