The Importance of Mobile Security in the World of BYOD
Have you been struggling with the “BYOD” phenomenon, and wondering if your ‘secret sauce’ is dripping off the plate? It makes you wonder how much confidential corporate information has made its way to the public domain – not to mention how much of this information has been secretly dissected by competitors.
3 October 2013
Have you been struggling with the “BYOD” phenomenon, and wondering if your ‘secret sauce’ is dripping off the plate?
It makes you wonder how much confidential corporate information has made its way to the public domain – not to mention how much of this information has been secretly dissected by competitors. Take for example the case of the UK Serious Fraud Office or more recently, the Vodafone Germany attack or the hack of major data broker firms.
An interesting new white paper from Coalfire – a firm focusing on IT governance, risk and compliance – discusses the results of its BYOD 2013: Employees and Companies Remain Lax with BYOD Security survey on the impact of ‘Bring Your Own Device,’ and implications for the modern workforce. Coalfire’s key findings include the following, compelling statistics:
- While 86% of respondents who use smartphones use a smart phone for work, 80% suggested they don’t have separate devices for personal use and work. That number increases to 95% among tablet users
- Slightly less than half of respondents indicated that they don’t secure their phone with a password
- Only 37% of respondents indicated their employers have the capability to remotely wipe company issued mobile devices
- Nearly 40% of respondents have been targets of phishing attacks
While there is nothing surprising in these statistics, they are certainly thought provoking. Employees, partners, external parties – they’re all trying to access content on the go.
The widespread use of consumer-grade file sharing services is triggering employees to store large amounts of information on personal phones and tablets that didn’t used to be there – and making it possible, in one swipe, to move other data that shouldn’t be there to the cloud. How can a firm enable effective collaboration and personal productivity in a highly mobile workforce, yet have the assurance that its trade secrets won’t walk out the door?
In the spirit of that old saying, “don’t throw the baby out with the bathwater” we need enterprise-grade mobile solutions that minimize the risks associated with BYOD. If you’re looking for a remedy for this headache, you’ll want to make sure your solution has these features:
- Controlling the end-user experience: Content owners need the ability to grant access to users easily, but ensure that – for some users – it’s a read-only experience. Disallowing permanent saving, printing and screen clipping should be baked into this cookie.
- Secure viewing: Users should be able to view content within a secure ‘sandbox’ that keeps other mobile applications from accessing it. Between viewing sessions, the content should be wiped from the device.
- Password protection: There are multiple layers here.
It’s important that all devices are password protected, of course. However, four-digit PINs are no substitute for strong passwords when it comes to accessing company data. To take it a step further, intrusion detection and dynamic, multi-factor authentication add a level of security that really minimizes the chance of unauthorized access.
Inactivity timeouts and PIN codes are desirable, to reduce the likelihood of data loss through theft or inattentiveness.
- Real-time authorization: A solution that performs last-minute reauthorization ensures users view only the documents they still have the rights to see. And – content owners should be able to instantly revoke access to any or all users, at any time.
For better or worse, the BYOD phenomenon is here to stay, and with it is a real threat to an organization’s confidential information. Solutions are needed today that not only enable user-friendly mobile access, but do so with the right safeguards in place – ones which let you maintain control, and keep track of who’s doing what with your information.
For more information on our mobile solutions, please view our Intralinks Secure Mobile Applications .