Tuesday, October 9, 2012

Is Security a Blow to BYOD?



In recent times, smartphones and tablets have been conquering enterprises at breakneck speed. The concept of Bring Your Own Device (BYOD) is a growing trend in enterprise businesses. With the consumerization of enterprise mobility, a growing percentage of employees are bringing their personal devices to work. The shift from stable mobile environments to diverse mobile devices poses severe challenges to IT in areas such as access control, enforcement of corporate policies and procedures, security of confidential data on user devices, and a number of other mobile security issues. Security in BYOD seems to be a serious threat to enterprises, which they can mitigate by devising and implementing appropriate security best practices through a successful personal BYOD program, so that their business operations run diligently.
As modern technological advancements like mobility penetrate deep into today's corporate environments, enterprises enjoy many benefits such as increased employee productivity, satisfaction and effectiveness. However, there are significant concerns about the privacy and security of sensitive corporate data stored on these mobile devices that IT must tackle. Enterprises must adopt security best practices as a reasonable usage policy rather than viewing them as a deterrent to the BYOD program. The important security best practices an enterprise should employ for a safe BYOD program are discussed in this article.

Physical Security

Enterprises should enhance the physical security of the mobile devices that access the corporate network through BYOD programs by employing multifactor authentication. The existing corporate security policies must also be extended to BYOD, such as enforcing the use of a user name, a strong password combining special characters, numbers and letters, and PINs such as 4-digit personal identification numbers and 6-digit codes that are generated automatically and expire after a short time, e.g. 30 or 60 seconds.

Identity & Access

Enterprises should set access levels and permissions for each user or user group accessing the corporate network from BYOD or COPE (company owned, personally enabled) devices. This is accomplished by setting up a user profile for each employee in the enterprise. Access permissions need to be set for each business-critical application and folder, and for files that are saved, read, edited and emailed. Thus, authorized mobile device users will access the corporate network in a secured manner. Devising a proper Mobile Device Management (MDM) solution helps enterprises keep track of the mobile devices (either company owned or employee owned) connected to the corporate network. The user management console of the MDM solution helps IT managers manage the identity and access settings for each employee. Centralized MDM software can also help to update access rights and roll out updates to the operating system and applications installed on the mobile devices from one central console.
Enterprises should also ensure that their cellular network service providers have built-in security across their network. This includes two-factor authentication support, anti-malware, anti-spam software, public key infrastructure (PKI) authentication and fraud detection.

Content Security

Enterprises should ensure that proper security protocols are in place on the corporate network, so that BYOD users accessing the network through their encrypted device from a public IP gain access only to authorized resources. BYOD does not mean that any corporate data in the enterprise network is freely accessible. A good combination of intelligent software such as anti-malware, data encryption, content filtering, data loss prevention (DLP) and intrusion prevention software helps to safeguard corporate data from unauthorized access. If a device is lost or stolen and falls into the hands of strangers, the enterprise must prevent the loss of corporate data by remotely triggering the account lock-out or wipe features of the MDM software. Thus, content security is enforced through a reasonable BYOD program in enterprises.

 

Remote Access with SSL VPN

Enterprises must set up a secure network connection for their BYOD users using virtual private networks (VPNs). A Secure Sockets Layer virtual private network (SSL VPN), unlike other VPNs, gives employees enormous flexibility to access the network securely from any remote location and from any mobile device. SSL VPNs provide access to shared resources without any security concerns in transmitting sensitive data over the internet, since they encrypt the data as it traverses the internet. Furthermore, an SSL VPN provides secure remote connectivity without the need for software to be installed on each device.

Detect Jail Breaks

Enterprises should automatically detect jailbroken or rooted mobile devices connecting to the corporate network in the BYOD program. Such devices need to be refused connectivity to the corporate network, thus containing the resulting business risk. Enterprises should proactively assess the integrity of the mobile devices used for business during device enrollment and periodically thereafter. One way to accomplish this is by employing an MDM solution in the corporate network that can detect jailbroken or rooted devices. Push notifications need to be sent to jailbroken devices prompting the user to remedy the device; if that fails, the compromised device needs to be unenrolled from the network or remotely wiped using MDM tools.
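The escalation described above (check at enrollment and periodically, refuse connectivity, notify, then unenroll or wipe) can be written as a small decision function over the integrity reports an MDM collects. This is an added example, not part of the original article and not any MDM product's API; the record fields, action names, re-check interval and remediation grace period are all assumptions, and the fleet data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

CHECK_INTERVAL = 24 * 3600     # assumed: integrity must be re-reported daily
REMEDIATION_GRACE = 72 * 3600  # assumed: time the user gets to fix the device

@dataclass
class Device:
    device_id: str
    enrolled: bool
    last_report: Optional[int]            # unix time of last integrity report
    compromised: bool                     # jailbroken/rooted per that report
    flagged_since: Optional[int] = None   # when it was first reported compromised

def decide(dev: Device, now: int) -> str:
    """Map one device's posture to the action the article's policy calls for."""
    # No report, or one older than the check interval, proves nothing about the
    # device today: fail closed instead of trusting the last known-good state.
    if dev.last_report is None or now - dev.last_report > CHECK_INTERVAL:
        return "block_unverified"
    if not dev.compromised:
        return "allow" if dev.enrolled else "enroll"
    if not dev.enrolled:
        return "refuse_enrollment"
    since = dev.flagged_since if dev.flagged_since is not None else dev.last_report
    if now - since <= REMEDIATION_GRACE:
        return "block_and_notify"         # refuse connectivity, push a notice
    return "unenroll_or_wipe"             # remediation window has passed

NOW = 1_700_000_000  # constructed reference time
FLEET = [            # constructed sample posture records
    Device("phone-a", True, NOW - 3600, False),
    Device("phone-b", True, NOW - 600, True, flagged_since=NOW - 3600),
    Device("tablet-c", True, NOW - 600, True, flagged_since=NOW - 4 * 86400),
    Device("phone-d", True, NOW - 3 * 86400, False),
    Device("phone-e", False, NOW - 60, True),
]

def evaluate_fleet(fleet, now):
    return {d.device_id: decide(d, now) for d in fleet}

if __name__ == "__main__":
    for device_id, action in evaluate_fleet(FLEET, NOW).items():
        print(f"{device_id}: {action}")
```

Note that `phone-d` is blocked although its last report was clean: a device that stops reporting has skipped the periodic assessment and cannot be assumed healthy.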

MDM & ITSM

Business IT teams are looking for MDM solutions as BYOD grows in popularity in enterprises. However, there is a disconnect between MDM and ITSM (IT Service Management) strategies, which results in inefficiencies and misunderstandings. Enterprises should integrate MDM capabilities into their existing ITSM platforms to gain control over all assets such as desktops, laptops and mobile devices from a single focal point. This results in increased consistency and transparency throughout the organization. Above all, integrated solutions allow for complete control of devices, including enforcing passcodes, detecting jailbreaks or rooting, remotely locking or wiping lost or stolen devices, and remotely configuring WiFi or email settings.

Conclusion

There are many MDM products available on the market suited to the specific needs of an enterprise and its security. The complex legal impact of the BYOD practice should be carefully considered by employing a multi-factor approach. Security in a BYOD program results in a reasonable personal device usage policy that mitigates the risks, and it is truly a win/win game for users and organizations.

by Emma Watson
