
False sense of security for BYOD

Royston Chng, Regional Director for Southeast Asia & Korea, Barracuda Networks | Sept. 14, 2015
To mitigate risks, it is essential for IT administrators to incorporate mobile security as part of their overall network, rather than implementing it as an afterthought.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Innovations in consumer technology, together with the phenomenal growth of 4G networks, have given birth to a new era of mobile workers who are constantly connected.

This demand for mobile access is part of the business technology agenda for most companies today. With the integration of mobile devices such as tablet computers, PDAs and smartphones, along with their various business applications and software, employees can be more productive in the office and out, having access to documents, emails and data while on the go. This has created greater flexibility, allowing companies to be leaner and more cost-efficient. The result is a growing acceptance of Bring-Your-Own-Device (BYOD) policies as the norm.

The increased acceptance of BYOD policies among organisations has led Gartner Inc. to predict that 38 percent of companies expect to stop providing devices to workers by 2016, according to a global survey of CIOs.

Legacy security limits growth
While going mobile has many benefits, it does raise some legitimate security concerns. In today's BYOD environment, existing legacy security approaches are inadequate for protecting a company's network from mobile threat vectors. One example of a legacy approach is Virtual Desktop Infrastructure (VDI). Because VDI is a hosted service, end-users may only have access to their desktop environment, which connects via a secured network.

Measuring the risks
With the increased usage of mobile devices, the rules of the game have changed and so must the response to security. Organisations need to look beyond legacy approaches and secure the network meticulously. Some of the new risks associated with the growing acceptance of BYOD include:

  • IT administrators losing visibility of devices accessing corporate systems and data outside the network, as well as not being able to gather forensic information in case of data breaches from these devices.

  • Unsafe or insecure applications, uploaded via employee-owned devices, compromising the security of corporate networks.

  • Mobile devices being used on unsecured networks (like public WiFi hotspots), opening the door to malware infections or data leakage.

  • "Jailbroken" or "rooted" mobile devices (that provide enhanced features and functionality) opening the devices up to potential risks. Beyond the ability to override device security, malware can be embedded within the software used to root phones, or within applications that are installed from unknown or unreliable sources.

  • Corporate networks or sensitive data being accessed on personal mobile devices if the device is stolen or the employee leaves the company.

  • Beyond employee misconduct, the rapidly increasing sophistication of techniques for compromising corporate computer networks, as well as the growth of BYOD policies, have made company computers more vulnerable to attacks that begin by targeting employees' personal devices and accounts—including their social media accounts. Personal devices are also more vulnerable to attacks due to the wide use of social media applications.

 
