Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BYOD is a user-driven movement, not a secure mobile device strategy

Sean Martin, a CISSP and the founder of imsmartin consulting | July 9, 2012
Many organizations have tried to fight the tide, but it's a losing battle.

- Quarantine and remediate policy exceptions.

- Develop applications for the highest level of assessment and control, leveraging (near-)native OS application development methods as opposed to abstraction-based platforms.

- Manage devices once connected (using MDM tools) and the applications that run on them (using MAM).

- Utilize deep packet inspection, even when SSL-encrypted sessions are in place, in order to protect the network from malicious activity routed through devices that have been rooted, applications that have been compromised with malicious code, or devices and applications that are being misused.

- Protect the devices from attack and misuse over 3G/4G connections and public networks/hotspots.

- Protect confidential and sensitive data from loss and theft (SSL encrypted sessions and application control).

"It is imperative that organizations take a holistic approach to secure mobility, including device management and protection, network and data access control, and network protection," says Dmitriy Ayrapetov, director of product management for Dell SonicWALL.

Unfortunately however, due to the complexity involved, there are currently only a few vendors that can and do deliver an integrated stack to facilitate the end-to-end secure mobility scenario. There are even fewer vendors out there that can provide native support for each major mobile OS (Android, BlackBerry, iOS and Windows) as part of the integrated offering. It will be interesting to see how the market landscape evolves over the next six to 12 months.

"BYOD is not too different from the mobile laptop movement 10 years ago; it's a new platform problem -- a control problem -- a perimeter problem -- an infrastructure challenge in meeting the demand of increased numbers of mobile devices residing and acting on the network," said ChengWei Cheng, technology evangelist at Hitachi-ID. "Device-based authentication really needs to be identity-based access control as well because, as soon as someone takes the device, they could assume the device owner's identity."

In the meantime, organizations shouldn't wait to tackle the challenge. They should begin by building focused plans for delivering secure mobility using implementation roadmaps that match their business requirements and environments. Below is one such strategy:

* Define the business strategy and requirements: Are you running a hospital that enables doctors to use their own iPads? Or, are you running an airline that provides the gate agents with company-owned Android tablets?


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.