The ever-increasing use of personal devices has tested enterprise defenses, so plans must be created to meet the challenge, reports James Hale.
One doesn't have to go far to see the reality of the bring-your-own-device (BYOD) trend. Just step into any corporate elevator and look around: All eyes are down, thumbs and fingers working, from the young clerk with the nose stud to the senior sales executive with the $600 wingtips. You know the company can't possibly issue every employee a smartphone or tablet, but everyone seems to have one, and they're all using them on the job.
“I'd say it's almost a fad for companies to allow employees to use their own mobile devices right now,” says Faud Khan, founder and principal security analyst at Ottawa, Canada-based TwelveDot Security. He points to a recent survey by Kaspersky Lab that found that more than half of IT security professionals are more concerned about mobile device security than they were a year ago. What he and others who focus on BYOD ask is: Which solutions will meet the rapidly changing challenges? With an estimated 51 percent of organizations experiencing information loss through insecure mobile devices (including laptops, smartphones and tablets), it's an apt question.
“The analogy I like to use is that we're at the same place we were 15 years ago with internet access,” says Dave Amsler, president and chief information officer at Foreground Security, based in Lake Mary, Fla. “Suddenly, companies were amazed at how productive everyone became when you gave them network access. Security was an afterthought, and if you asked them about it, they'd say, ‘Oh, we have anti-virus software installed.' Today, we'd laugh at that, but that's where we are with mobile security.”
Big changes in the application of security measures have swept through government and all business sectors. In the past, only a few companies would allow employees to add their own BlackBerries to the enterprise network, and this would occur only after administrators could wipe their data first, says Steven Santamorena, the chief information security officer at Reader's Digest. “Not many people took that up,” he says. “Then, when the iPhone and the iPad came along, we saw more and more people bringing their own devices, and we addressed security with a pretty straightforward password approach. Now, you've got people wanting to add different flavors of Android devices, and we don't have the manpower to address that.”
Santamorena says clarity is the answer. He advises companies to establish a mobile device policy and enforce the agreement to wipe all corporate data if an employee loses the device or leaves the company. But, as he looks at the growing number of personal applications and public cloud storage solutions, like a lot of his peers, he realizes that the challenges aren't about to decrease.