Beyond BYOD

Share this article:
Beyond BYOD
Beyond BYOD

The ever-increasing use of personal devices has tested enterprise defenses, so plans must be created to meet the challenge, reports James Hale. 

One doesn't have to go far to see the reality of the bring-your-own-device (BYOD) trend. Just step into any corporate elevator and look around: All eyes are down, thumbs and fingers working, from the young clerk with the nose stud to the senior sales executive with the $600 wingtips. You know the company can't possibly issue every employee a smartphone or tablet, but everyone seems to have one, and they're all using them on the job.

“I'd say it's almost a fad for companies to allow employees to use their own mobile devices right now,” says Faud Khan, founder and principal security analyst at Ottawa, Canada-based TwelveDot Security. He points to a recent survey by Kaspersky Lab that found that more than half of IT security professionals are more concerned about mobile device security than they were a year ago. What he and others who focus on BYOD ask is: Which solutions will meet the rapidly changing challenges? With an estimated 51 percent of organizations experiencing information loss through insecure mobile devices (including laptops, smartphones and tablets), it's an apt question.

“The analogy I like to use is that we're at the same place we were 15 years ago with internet access,” says Dave Amsler, president and chief information officer at Foreground Security, based in Lake Mary, Fla. “Suddenly, companies were amazed at how productive everyone became when you gave them network access. Security was an afterthought, and if you asked them about it, they'd say, ‘Oh, we have anti-virus software installed.' Today, we'd laugh at that, but that's where we are with mobile security.”

Big changes in the application of security measures have swept through government and all business sectors. In the past, only a few companies would allow employees to add their own BlackBerries to the enterprise network, and this would occur only after administrators could wipe their data first, says Steven Santamorena, the chief information security officer at Reader's Digest. “Not many people took that up,” he says. “Then, when the iPhone and the iPad came along, we saw more and more people bringing their own devices, and we addressed security with a pretty straightforward password approach. Now, you've got people wanting to add different flavors of Android devices, and we don't have the manpower to address that.”

Santamorena says clarity is the answer. He advises companies to establish a mobile device policy and enforce the agreement to wipe all corporate data if an employee loses the device or leaves the company. But, as he looks at the growing number of personal applications and public cloud storage solutions, like a lot of his peers, he realizes that the challenges aren't about to decrease.

Page 1 of 3
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Features

Sign up to our newsletters

More in Features

Case study: Big LAN on campus

Case study: Big LAN on campus

A university rolled out a wireless network, but was hampered with a user-support problem...until a solution was found. Greg Masters reports.

2014 Women in IT Security: Stacey Halota

2014 Women in IT Security: Stacey Halota

When she stepped into the job of vice president of information security and privacy at Graham Holdings Company in 2003, Stacey Halota had to carve out new territory because her ...

What's sex got to do with it?

What's sex got to do with it?

Harassment has no place in the security industry. Neither do sexism or discrimination. But, there they are. It's time for infosec to just say no, reports Teri Robinson.