A secure approach to bring-your-own-device (BYOD) in the workplace starts with defining user guidelines, which ultimately determine the bottom line for companies: what technology should be implemented and how much it will cost.
Security experts at this year's SC Congress in New York City believe that a long-term plan is the most efficient defense against BYOD breaches.
“You're never going to have 100 percent security, so what remains is your users' ability to understand your [BYOD] requirements,” said Yonesy Nunez, senior vice president and BISO of IT risk implementation at Citi Group, at the conference Thursday.
Nunez spoke to attendees at SC Congress New York, a conference and expo for security professionals hosted by SC Magazine, about having a game plan for BYOD security.
Keith Wilson, the managing director and CISO of the Teachers Insurance and Annuity Association – College Retirement Equities Fund (TIAA-CREF), said that once policies were in place for personal devices, container-based solutions for storing information, where data is sandboxed according to classification, would keep BYOD security guidelines from being derailed.
“If you are going to do true BYOD, I feel pretty strongly that you need to look at a container-based approach,” Wilson said of protecting sensitive information.
Companies must also address who is going to own mobile devices used for corporate purposes, who will then manage their use, and what model will be used to protect those devices.
Vijay Viswanathan, director and CISO at HD Supply, an Atlanta-based industrial distribution company, said that year-to-year strategies for BYOD security policies are the way to go.
“Based on the type of organization you are in, you need a long-term strategy for BYOD,” he said. Wilson added that, with the right BYOD security model in place, management can reduce support costs and successfully stave off threats.
“The cost reduction is real,” Wilson said. “It just depends on how you roll [the support model] out.”