Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The security guide to BYOD

Ben Rossi | April 10, 2013
With more companies adopting BYOD, security strategies should be re-looked.

It used to be so simple. A new employee joined your organisation and you gave them a laptop, which was entirely under your control.

You could lock down the operating system to prevent the installation of potentially insecure or unapproved applications, and you could ensure the device was suitably up to date with your security solutions.

Weren't they the good old days?

Now, there are all these people telling you that employees should be able to bring their own devices to work. They say they should be able to access your beloved network with their shiny new smartphones and tablets that are apparently the best things since sliced bread.

As a result, your company has established a BYOD policy, enabling them to do just that -- all in the name of mobility, which is supposedly something every CIO in the world should be embracing.

But these devices are corrupt. They're vulnerable and they're creating risks. The worst culprit of this is Android, which just so happens to be the most popular mobile operating system out there. This is a painful fact for any CIO when you consider that 99 percent of all mobile malware detections in 2012 were threats targeting Android devices.

"However, not a single platform is protected against threats such as phishing or loss of a device," says Konstantin Voronkov, Systems Management, Mobile Devices and Virtual Environments Group Manager, Kaspersky Lab.

"Loss or theft of an employee's gadget represents not a lesser threat to a company than malware infection. The loss of a device leads to a corporate data leak which may have negative impact on business. That is why IT staff must be able to control data remotely, for example, by blocking the lost device or by deleting all the information and mail stored on it."

So these mobile threats are real and costly, which Sowri S. Krishnan, Vice President of Mobility,Cognizant, more than testifies to.

"A lack of integrated mobile security is costing companies in terms of everything from lost productivity to lost data," he says.

As a result, transitioning to a BYOD model should be phased in over time. "Organisations need to mitigate security risks, such as inappropriate usage or loss of corporate data and the ensuing financial and legal implications," Krishnan says.

"Establishing effective governance mechanisms to ensure data privacy and security can be challenging when embracing a BYOD philosophy."

According to Florian Malecki, Head of Product Marketing, Dell SonicWall, different security practices apply depending upon whether the mobile devices are connecting from outside or inside the network perimeter.

"From a security perspective, tablets and smartphones are vehicles for information flow and so users may inadvertently -- or sometimes even intentionally -- relay malware into the secure network," Malecki says.

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.