BYOD Takes Off: Understanding the Concerns of BYOD Security
When it comes to BYOD security, you still need to protect your intellectual property and infrastructure against threats, but now on another level.
29 April 2014
Houston, we have liftoff! The force of bring your own device (BYOD) has launched like a rocket across organizations both big and small. According to a Gartner survey of CIOS, half of employers will require their staff to bring their own device to work by 2017.
Due to benefits like flexibility for employees, cost-savings and increased productivity, this strong ascent may not be much of a surprise to you. Just make sure that before implementing a BYOD program you consider the added layers of complexity around mobile support and security. By forcing companies to rely on the security of their own infrastructures and the devices of their employees, partners and providers, companies could risk losing end-user control of information.
When incorporating BYOD into your organization, there are many challenges you could encounter. Here are just a few of the major concerns:
With the continued advancement of technology, an obvious benefit of using your own device is productivity - you can get work done from wherever you are with whatever device you have. But while it’s certainly convenient and more comfortable for employees to choose their own devices, organizations need to consider how to protect their intellectual property when granting the use of personal devices. This can be a big issue for companies, especially from an IT perspective. With BYOD added to the equation, not only does IT need to worry about how to implement mobile into their activities and applications, but now they need to do so on a device by device basis. Implementing endpoint security controls alone won’t work. Businesses need to apply a multi-layered approach - from system to applications to networks to endpoint controls – and ensure that each employee has the right permission to said information. There are additional ways to safeguard intellectual property through security - more on this later.
Another concern to be aware of is threats. Due to the multifaceted nature of current and emerging threats, protecting information has become even more complex - especially considering multiple personal devices. Now, businesses need to protect themselves against many different kinds of threats like cyber-criminals, hackers, data leakage, stolen or lost devices and even user-error. BYOD makes safeguarding against threats even more intricate since it brings with it an additional security risk for organizations like unauthorized access to data, data loss and unsecure networks. Despite these risks, BYOD security can work - organizations should put a VDI in place so staff can use corporate applications and data on personal devices without having to connect to the company’s network.
Finally, when it comes to security, you still need to protect your intellectual property/information and infrastructure against threats, but now you need to do it on another level. In securing personal devices, there are a number of factors to consider. For one, supporting employees' personal devices adds layers of complexity to security – you need to be able to support many different types of devices and operating platforms while adhering to varying networks and device security features. Security cannot be effectively managed at the device level – controls should be applied as close to valuable data as possible. To protect your network and data from unauthorized access, consider requiring and implementing VPN technology, patches, firewalls, password protection and anti-virus software on all devices that could be used. Another alternative is to use an application like a secure file sharing app that could serve as the gateway between devices and enterprise systems - securing information even if the device is lost. Security for apps should include standard-based encryption with military-grade key management and high-grade cryptography. Additionally, the app should have security features like passcodes, timeouts, server authentication, provisioning and de-provisioning of internal and external mobile users to allow employees to collaborate securely, compliantly and without high risk.
When implementing a secure BYOD program in your organization, just make sure your organization puts the right safeguards in place to let you keep control of who’s doing what with your information and be sure to implement the proper endpoint security measures to protect against loss of intellectual property and emerging threats.
Remember, security should be just as vigorous on mobile as it is behind the firewall. It can be much more costly to your business to experience data loss than prevent it.
What does your organization do to protect information with BYOD strategies in place?
Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds Bachelor degrees in Marketing and Finance, with a minor in English Literature.