Anyone following information security over the past 3 years has heard the nasty four-letter acronym BYOD, or Bring Your Own Device. This phenomenon has taken shape as the consumerization of IT has made its way to the enterprise. With tablets and smartphones exploding in popularity over the past couple of years, it’s no wonder that employees want to start using the hardware (and the apps that run on it).
With a growing workforce of college grads that consider these devices an extension of their being, trying to take a smartphone from them would be like cutting off one of their hands. The two major concerns that security pros must deal with are:
The first question on “What can we do to protect our data?” is more complicated than one might think. There are many vendors offering MDM (Mobile Device Management) that really like to pull the wool over your eyes and a few that are downright awesome. There are many features within these systems that allow you to do some pretty fancy things, but from a security point of view I’m really worried about my data. For example, when you’re sent an e-mail and you open it on your device (tablet/smartphone), where can you forward that data? If someone has files with confidential company data on their smartphone, and they leave the company with that phone, can you really be sure that this person didn’t just walk out with your customers’ credit card numbers, sensitive information regarding mergers and acquisitions, competitive intelligence, etc.? Yup, that just happened.
Sensitive company data is walking around in your employees’ pants… unprotected. Is this data encrypted while it’s on your tablet, or is it floating around in sites like dropbox.com waiting to be scooped up, stolen, or accidentally released into the wrong hands?
Another question you need to ask yourself with MDM is how are you going to protect the organization from these devices? Malware on mobile devices is one of the fastest growing malicious vectors on the internet and bringing these devices into your network could be a threat to your company. Are these devices going to be using your wireless network when they’re in the building? Here are some items for your to-do list:
With the exponential increase in mobile device applications and hardware, the ability to run and perform tasks is growing every year. I don’t trust a device that someone brings from home, one their kids had previously been using to download the latest version of Angry Birds, to connect to an enterprise network. It’s simply too risky to have these devices connecting to an internal network! Additionally, setting up policy on the MDM to remove the mobile device software from a device that’s been jailbroken or rooted is a way to protect you from devices that are looking to potentially put themselves into harm’s way.
There are many other ways to protect your company and your data from a BYOD implementation and these ideas just scratch the surface of security implementations and controls that can be put in place when rolling out a BYOD program. Hopefully you don’t Bring Your Own Disaster while allowing users to bring in their personal devices.