Home References BYOD and security

Addressing security-related concerns in a BYOD era

The concept of Bring-Your-Own-Device (BYOD) has gained traction over the past few years. BYOD can be defined as using employee-owned mobile devices such as smartphones and tablets to access business enterprise content or networks.

Needless to say, a number of enterprises have jumped onto the BYOD bandwagon, fuelled by the various benefits it offers. According to industry analysts, an effective BYOD strategy can lead to a number of benefits for enterprises, including enhanced employee job satisfaction, increased job efficiency and flexibility. BYOD can also provide cost savings from initial device purchase to on-going usage and IT helpdesk support as employees invest in their own devices. From a larger perspective, it can even result in higher recruiting acceptance rates.

BYOD and security

However, permitting employees to use their own, personal devices to access their company’s (often) confidential data gives rise to several issues. According to Ernst & Young, BYOD significantly impacts a company’s traditional security model of protecting the perimeter of the IT organization by blurring the definition of that perimeter, both in terms of physical location and in asset ownership. In this context, therefore, it becomes imperative for an organization to “define” certain guidelines and security measures to strike a balance between an employee’s requirements and their own security-related issues.

Identifying the BYOD security risk

According to Ernst & Young, the issues pertaining to the deployment of BYOD can be classified under three heads:

  • The enterprise’s risk profile: This essentially entails examining how the enterprise defines potential “risks”. This in turn helps define the policies the enterprise would deploy to counter the same.
  • How the mobile device is being used: The enterprise ought to examine how the data is being used, what functions it serves. Needless to say, the more critical the function, the greater number of controls on the device.
  • Where the devices are being used: Typically, the security threats are greater when the device is being used internationally. This is not merely owing to “where” the devices are being used, but also due to often unclear and regionally applicable legislation in certain geographic areas.

BYOD-and-Security

Measures to counter potential BYOD-related security risks

Ensuring the mobile devices deployed are secure

The first step for any enterprise is to chalk out well-defined guidelines pertaining to the usage of mobile devices. This, ideally, ought to be based on an understanding of different user types and a clearly defined set of user segments.

Broadly, a mobile device can be secured by

  • Implementing a mobile data management policy
  • Establishing a security baseline
  • Introducing stringent authentication and access controls
  • Installing mobile updates
  • Limiting the use of jail-broken devices
  • Enforcing passwords

Ensuring mobile applications are secure

Using unsecure mobile applications typically gives rise to two primary security threats-malicious applications and the vulnerabilities of the application itself. In this context, viable counter-measures include:

  • Using mobile anti-virus programmes
  • Assessing the need to implement new applications
  • Managing applications via an in-house application store
  • Blocking unknown third party access to the mobile applications

Managing the overall mobile ecosystem

Broadly, implementing a BYOD policy increases the enterprise’s efforts pertaining to maintaining an inventory of the existing mobile devices and keeping the said devices’ operating systems updated. In this context, the following measures can be taken to protect the devices:

  • Identifying an appropriate BYOD policy
  • Implementing a self-service portal or resource for employees

Net, net, implementing an effective and updated BYOD policy is essential for any enterprise to prepare itself to grapple with any security-related challenges.

You may also like

Leave a Comment