Security-related headaches around BYOD may make users want to BYOB.
That's what you can conclude from a new survey that shows organizations with bring your own device (BYOD) policies have twice the number of security concerns as other organizations.
“BYOD introduces a variety of potential risks from security and policy perspectives, as well as end-user privacy,” said Eugene Liderman, director of the office of the CTO at Good Technology, the company that sponsored the Mid-Market Mobility Trends Survey.
The Ups and Downs of BYOD
But BYOD isn’t all bad news. “BYODbrings significant benefits to companies, including cost savings,increased productivity and happier employees,” said Ryan Kalember, chiefproduct officer of WatchDox, a provider of secure enterprise filesync-and-share solutions.
Rob Howard, CTO of Zimbra, a provider of unified collaboration solutions, agrees. “Consumerapplications, services and devices are liberating for employees;providing intuitive interfaces and anytime, anywhere access acrossmultiple devices,” he said “However, IT teams have lost control ofcorporate data, as well as infrastructure, which is becomingincreasingly complex.”
Risks arising from BYOD practices come from all different directions including:
Sharingcapabilities.Users have more ability and freedom to share informationon mobile devices than ever before. “Unfortunately, this also meanspotentially syncing corporate data to consumer outlets (i.e. Synccorporate content to iCloud, Facebook, LinkedIn, etc.),” said Liderman. “However, enterprise security teams are struggling to keep up with theinnovative and powerful consumer functionality. Enterprise data is inregular jeopardy of being leaked. This leakage can happen knowingly ornot.”
User-based risk. Users often look to adopt tools they use intheir personal lives for work-related tasks. They might decide to synctheir work material to iCloud or personal Dropbox accounts, saidLiderman.
Enterprise-based risk. In this case users might decide towork around IT barriers, said Liderman. For example, they might decideto forward information to their personal e-mail account.
All About the Data
Without theright policies and technology in place, a stolen tablet could mean a company’sconfidential financial information ends up in the wrong hands, saidKalember. “Additionally, research has shown that employees routinelyuse unauthorized apps to share, access and annotate company files,” hesaid.
Data theft is a huge problem, experts agree. “The federal governmenthas identified a growing data theft threat from current and formeremployees looking for revenge or a quick payout,” said Kalember. “Asmore mobile devices continue to enter the picture — especially devicesthat are out of IT’s control—these security challenges will onlyincrease.”
Making BYOD Work for You
To beef up your BYODsecurity you need to assess risks and draft a strong policy.
“Provideusers with a sense of responsibility and clear guidelines. These soft controls treat your employees respectfully, while ensuring theyunderstand the consequences for negligence. As with all digitalprograms, this requires multiple teams and executive buy-in,” saidHoward.
While it’s a step in the right direction, justhaving a BYOD policy isn’t enough to insulate an organization fromproblems.
“Whether or not an organization has an official BYODpolicy, there’s no question that employees are using their personaldevices to access company files,” said Kalember. “For this reason, thesecurity issues associated with BYOD — namely sensitive company dataending up in the wrong hands, or remaining on employees’ devices longafter they leave the company — are issues that every IT team should beconcerned about, regardless of whether their company has an officialBYOD policy.”
Other steps to take to secure your organization include:
Putthe focus on information. “To best protect company files, organizationsmust focus on securing the data itself, rather than just the device,”said Kalember. “This approach allows companies to remotely control whocan access files, set expiration dates and revoke access at anytime—evenif a device is stolen or ends up in the wrong hands.”
Face amoving target. “Cloud and mobile trends are boons to the userexperience, but they can dramatically increase the number of technologyand data silos an organization has to grapple with,” said Howard. “Thiscreates a costly, Band-Aid approach to the management of security,privacy, compliance, digital assets, intellectual property andresources," he said. Ensure any cloud-enabled applications and systems meet yourdata residency needs. Look for service providers running regional orlocal data centers who are not subject to data sovereignty assertionsfrom foreign governments.
Don’t ignore email risks.Email may not seem like much of a risk, but it’s the technology mostemployees use to share files, creating potential for security andinformation leaks, said Howard.
If you plan, you can minimize the risks for BYOD.
“Companies can embrace the benefits of BYOD whilekeeping their files secure as long as they architect smart policiesand choose the right partners,” said Kalember.