While offering improved job satisfaction and
access to the latest technologies, embracing the Bring Your Own Device trend
may also expose companies to new security risks and vulnerabilities.
A Look at the Landscape: The State of BYOD
On the surface it makes a lot of sense. You use your MacBook Air or iPad at home. You
have your own smartphone for personal use. Why not trim down the number of
devices you carry and use the ones you like most at work?
According to Accenture, more than 40% of employees feel comfortable and capable making
their own technology decisions for work, and management and IT executives are
recognizing the importance of employees using the latest technology -- nearly
90% of them agree that consumer technology utilized by their employees can
improve job satisfaction.
The number of personal devices connecting to the corporate network has more than
doubled in the past two years -- with nearly half of those devices storing
sensitive data, according to a survey from CheckPoint Security.
The Impact on IT Departments
IT departments have handled BYOD in varying ways -- by fully embracing it, by
improvising a response or by simply ignoring it. And that's understandable,
given how employee devices change the user-IT paradigm.
A multi-platform
environment where some devices are personal and others are corporate-owned is
the new "normal," but it comes with a series of new challenges:
- For the first time, enterprises are being exposed to multiple operating systems,
models and operators -- requiring IT teams to become educated on a per-platform
basis to support the safe use of each device type within the enterprise.
- The capabilities associated with each platform are different, as is the security
of iOS, Android, BlackBerry and Symbian devices.
- IT departments are losing the ability to apply standard OS images to devices and
control the security software. Full control over the mobile device landscape is
no longer possible.
- Organizations' ability to recognize volume discounts from their usual suppliers is reduced
given the purchase of fewer devices.
- Companies face the potential financial impact of compliance breaches resulting from
private data leakage.
IT departments that are allowing BYOD can get caught in a perpetual state of
"catch up" -- but this cannot be the case when it comes to the
security of corporate data on personal devices.
BYOD's Inherent Security Vulnerabilities
90% of organizations will support corporate applications on consumer devices and 80%
of professionals will use at least two personal devices to access corporate
data by 2014, according to Gartner. As such, the regulatory and security
concerns caused by the BYOD revolution are becoming very real for IT
departments.
A recent report from Checkpoint Security reveals that 71% of businesses believe
mobile devices have caused an increase in security incidents, citing
significant concerns about the loss and privacy of sensitive information stored
on employee devices, including corporate email (79%), customer data (47%) and network
login credentials (38%).
BYOD presents unique challenges and potential vulnerabilities because IT departments
lose the ability to control the OS image, enforce strong device-level security
policies, restrict unverified third party applications and mandate security
patches and OS upgrades. In short, they have lost administrative rights over
the device. Consider the following:
- Most employees have their phones locked with a PIN code as a key security measure;
but according to McAfee, 11% of all PIN numbers are one of five
combinations. Additionally, consumer-grade mobile OSes have been notorious for
exposing vulnerabilities that can make it easy to bypass a device's passcode.
- Corporate IT teams can often manage remote wipes of mobile devices if devices are lost or
stolen. The problem is that by the time employees discover that they have lost
a device, the data could have already been stolen, copied or reviewed by a
third party. Also consider the fact that the wipe command won't be received if
the SIM card has been removed or the radio turned off. And finally, many IT
departments are not permitted to wipe personal-liable devices even if they are
lost or stolen due to personal privacy regulations and fear of employee
litigation.
- Like it or not, convenience wins. Therefore, employees often bypass security
measures to access the information, applications or data they need, when
and where they need it.
Mobile Risk Management and the BYOD Workplace
BYOD can, and most likely will be, a truly powerful enabler for both employees and
the companies they work for. But as we move away from a "command and
control" environment and put more power into the hands of the employee, we
need to move as an industry from risk avoidance to risk management, respecting
the balance between personal productivity and corporate data security.
There is little doubt that the consumerization of IT and BYOD trends can pose serious
threats to IT security and compliance. But if embraced properly and with a
thoughtful risk management approach, they could ultimately help usher in a new
generation of security practices that effectively balance business needs with
IT security requirements -- and in an interesting paradox, could actually increase
the levels of security and compliance while putting more power in the hands of
the end-users.
Tyler can