BYOD: A Source Of Security Problems?

Security is the biggest inhibitor to BYOD (Bring Your Own Device) adoption a survey by Crowd Research Partners has found, and reported in Computing Security Magazine (May/June 2016).  The results are based on a survey of 800 cybersecurity professionals worldwide.

Management opposition to implementing BYOD strategies rank far lower in the list of inhibitors. Perhaps the pervasiveness of mobile devices is just too hard to ignore.  The survey found however that 21% of organisations had experienced a data breach resulting from BYOD or corporate owned mobile devices.

byod-600x339

Many organisations want to take advantage of BYOD especially if they have a mobile and geographically spread workforce.   Interviewed for the survey report  David Mount, Director of Security Solutions Consulting at Micro Focus in the UK, said  “Despite high levels of BYOD adoption, many businesses still haven’t completely figured out how to capitalise on the trend without exposing themselves to risk.   After all, mobile devices which are not owned or managed by the enterprise introduce a variety of security and compliance challenges.”

“BYOD is a moving target: fringe technology today may be a necessity tomorrow. Just consider how the iPhone is now firmly entrenched in the business, while the enterprise-ready Blackberry has fallen out of favour. Businesses must, for instance, consider the impact of wearable devices on their BYOD strategy.

David Mount
David Mount

“The fundamental, ongoing challenge of BYOD is enabling the technology that users want and giving them access to corporate systems without increasing risk. When evaluating potential solutions, businesses must ensure their chosen option not only allows IT to extend security policies to more endpoint devices, but is also convenient and makes users’ lives easier. If not, they probably just won’t use it. Gartner has already predicted that 20% of BYOD initiatives will fail because management measures are too restrictive.

“A few popular solutions, such as Mobile Device Management (MDM) or corporate-owned, personally enabled (COPE) strategies, resolve a few security concerns, but share one fundamental flaw: they focus on the device itself. This is the most disposable, least secure and most easily stolen or compromised part of the equation. Unlike these two options, a mobile application access solution allows IT to capture the advantages of BYOD and innovate while minimising the risks.”

“A mobile application access solution not only makes it easier to expand access to cloud services,”  Mount argues, “but also enables IT to gather everything users need in one place-a portal to all critical business apps. “ By moving the credentialing process off the device, IT can increase security, even allowing for single sign-on to reduce how often users need to re-authenticate.

“Furthermore, it allows administrators to define and manage access easily, while enabling users to purchase the devices they want. In short, a mobile application access solution enables organisations to reduce risk while implementing an innovative BYOD strategy where they keep control of corporate information.”

*  After The Flood, in Computing Security,  May/June 2016, p18-21.  Also available at www.computingsecurity.co.uk

 

This article was first published in OHM, Issue 33, 2016/2, p28

Leave a Reply