The bring-your-own-device trend is expanding to applications and the cloud, thus opening holes in enterprise security, reports Alan Earls.
Mobility is empowering individuals and, arguably, boosting productivity. But this harmonious picture is balanced by another vision of mobility as an unchained malady – multiplying the threat environment and thus making securing the enterprise even harder to achieve.
More and more end-users expect and demand to use their own mobile devices for work-related tasks. For many IT security pros, this bring-your-own-device (BYOD) megatrend means the creation of gaping data security holes. It is a reality that won't go away, but also one that is spawning an array of creative responses as companies devise best practices and implement new, countervailing technologies.
“Organizations and IT can no longer deny corporate access to personal devices,” says Melissa Siems, director of marketing for Santa Clara, Calif.-based McAfee's software-as-a-service business. “So IT needs to determine how to not only secure these devices, but also the data and the applications on the device.” And, she adds, IT must be able to manage and report on those devices, and maintain compliance by understanding what data is on them.
Indeed, at MasterCard Worldwide, Edgar Aguilar, group executive of infrastructure and operations services, says information security has become the main driver for his organization's BYOD design considerations. “As such, we have in place very tight engineering parameters, system controls and internal processes to protect the corporate information and our users worldwide,” he says.
The advent of BYOD introduces additional threats to the corporate security landscape, says Tyler Shields, senior security researcher at Veracode, a Burlington, Mass.-based provider of cloud-based risk assessment. “Some of the security problems exacerbated by BYOD, he says, include application-level security – particularly flaws and malicious code within downloaded applications, the loss of a device, device compromise and the disclosure of sensitive data via a personally owned device.