In recent times,
smartphones and tablets have been conquering enterprises at breakneck speed. The
concept of Bring Your Own Device (BYOD) is a growing trend in enterprise
businesses. With the consumerization of enterprise mobility, a growing
percentage of employees are bringing their personal devices to work. The
relative shift from stable mobile environments to diverse mobile devices poses
severe challenges to IT in areas such as access control,
enforcement of corporate policies and procedures, security of confidential data
on user devices and a number of mobile security issues. Security in BYOD seems
to be a serious concern for enterprises, which they can mitigate by devising and implementing
appropriate security best practices through a successful BYOD program,
so that they can run their business operations diligently.
As modern
technological advancements like mobility penetrate deep into today’s corporate
environments, enterprises enjoy many benefits such as increased employee
productivity, satisfaction and effectiveness. However, there are significant
concerns about the privacy and security of sensitive corporate data stored on
these mobile devices that IT must tackle. Enterprises must adopt security best
practices as a reasonable usage policy rather than viewing them as a deterrent to
the BYOD program. The important security best practices an enterprise should
employ for a safe BYOD program are discussed in this article.
Physical Security
Enterprises should
enhance the physical security of the mobile devices accessing the corporate
network through BYOD programs by employing multifactor authentication. Existing
corporate security policies must also be extended to BYOD, such as enforcing the
use of a user name, a strong password combining special characters,
numbers and letters, and PINs such as a 4-digit personal identification
number and 6-digit codes that are generated automatically and expire after a
short time, e.g. 30 or 60 seconds.
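One standard way to produce the automatically generated, short-lived 6-digit codes described above is a time-based one-time password (TOTP, RFC 6238). The following is an added example, not code from the original article: it generates codes and verifies them server-side with a clock-drift window and replay rejection. The function names and the `drift` and `last_counter` parameters are illustrative, and the key is the published RFC test key, not a real secret.

```python
import hashlib
import hmac
import struct
from typing import Optional

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, dynamic truncation)."""
    counter = int(at) // step                     # index of the time window
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, at: float, step: int = 30,
           drift: int = 1, last_counter: int = -1) -> Optional[int]:
    """Return the matching window index, or None if the code is rejected.

    `drift` tolerates clock skew of that many windows either side.
    `last_counter` is the last window already accepted for this user, so a
    code that was used once cannot be replayed inside its validity period.
    """
    now = int(at) // step
    for counter in range(max(0, now - drift), now + drift + 1):
        if counter <= last_counter:
            continue                              # already consumed: replay
        expected = totp(secret, counter * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            return counter
    return None

# Constructed sample input: the ASCII test key from RFC 6238, Appendix B.
RFC_TEST_KEY = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(RFC_TEST_KEY, 59)
    print("code at t=59:", code)
    print("accepted in window:", verify(RFC_TEST_KEY, code, 59))
    print("two minutes later:", verify(RFC_TEST_KEY, code, 179))
```

The caller stores the returned window index per user and passes it back as `last_counter` on the next login attempt.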
Identity & Access
Enterprises should
set access levels and permissions for each user or user group accessing the corporate
network using BYOD or COPE (company owned, personally enabled) devices. This is
accomplished by setting up a user profile for each employee in the
enterprise. Access permissions need to be set for each business-critical
application and folder, and for files that are saved, read, edited and emailed. Authorized
mobile device users will then access the corporate network in a secure manner.
Deploying a proper Mobile Device Management (MDM) solution helps
enterprises keep track of the mobile devices (either company owned or
employee owned) connected to the corporate network. The user management console
of the MDM solution helps IT managers manage the identity and
access settings for each employee in the enterprise. Centralized MDM software can also help to
update access rights and roll out updates to the operating system and
applications installed on the mobile devices from one central console.
Enterprises should
also ensure that their cellular network service providers have built-in
security across their networks. This includes two-factor authentication support,
anti-malware and anti-spam software, public key infrastructure (PKI)
authentication and fraud detection.
Content Security
Enterprises should
ensure that proper security protocols are in place on the corporate network, so
that BYOD users accessing the network through their encrypted devices from a
public IP gain access only to authorized resources. BYOD does not mean
that any corporate data in the enterprise network is freely accessible. A good
combination of intelligent software such as anti-malware, data encryption,
content filtering, data loss prevention (DLP) and intrusion prevention
helps to safeguard corporate data from unauthorized access. If a
device is lost or stolen and falls into the hands of strangers, the enterprise must prevent corporate
data loss by remotely triggering the account lock-out or wipe features of the
MDM software. Thus, content security is enforced with a reasonable BYOD program
in enterprises.
Remote Access with SSL VPN
Enterprises must set up
a secure network connection for their BYOD users using virtual private networks
(VPNs). A Secure Sockets Layer virtual private network (SSL VPN), unlike other
VPNs, gives employees enormous flexibility to access the network securely
from any remote location and from any mobile device. SSL VPNs provide access to
shared resources without any security
concerns in transmitting sensitive data over the internet, since they encrypt
the data as it traverses the internet. Furthermore, an SSL VPN provides secure remote connectivity without the
need for software to be installed on each device.
Detect Jail Breaks
Enterprises should
automatically detect jailbroken or rooted mobile devices connecting to the
corporate network in the BYOD program. Such devices need to be refused connectivity
to the corporate network, thus containing the resulting business risk.
Enterprises should proactively assess the integrity of the mobile devices used
for business during device enrollment and periodically thereafter. One way to
accomplish this is by employing an MDM solution in the corporate network that
can detect jailbroken or rooted devices. Push notifications need to be sent
to jailbroken devices prompting the user to remedy the device; if remediation fails, the compromised
device needs to be unenrolled from the network or remotely wiped using MDM tools.
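The enrollment-time and periodic checks described above can be expressed as a small decision routine. This is an added sketch, not the behaviour of any particular MDM product: the `Device` record, the `compromised` flag (the result of whatever jailbreak/root detection the MDM performs) and the 24-hour remediation window are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Action(Enum):
    ALLOW = "allow"
    REFUSE_ENROLLMENT = "refuse_enrollment"
    BLOCK_AND_NOTIFY = "block_and_notify"    # cut access, push a remedy notice
    BLOCK = "block"                          # still inside remediation window
    UNENROLL_OR_WIPE = "unenroll_or_wipe"

GRACE_SECONDS = 24 * 3600  # assumed remediation window; the article gives none

@dataclass
class Device:
    device_id: str
    enrolled: bool = False
    notified_at: Optional[float] = None      # when the remedy notice was sent

def assess(device: Device, compromised: bool, now: float) -> Action:
    """Decide what to do with one integrity report (enrollment or periodic)."""
    if not compromised:
        device.notified_at = None            # remediated: clear the clock
        device.enrolled = True               # integrity is the only gate here
        return Action.ALLOW
    if not device.enrolled:
        return Action.REFUSE_ENROLLMENT      # never admit a compromised device
    if device.notified_at is None:
        device.notified_at = now             # first detection: notify once
        return Action.BLOCK_AND_NOTIFY
    if now - device.notified_at < GRACE_SECONDS:
        return Action.BLOCK                  # connectivity stays refused
    device.enrolled = False                  # remediation failed
    device.notified_at = None
    return Action.UNENROLL_OR_WIPE

def replay(reports):
    """Run constructed (time, compromised) reports through one device."""
    device = Device("constructed-device-01")
    return [assess(device, bad, t) for t, bad in reports]

if __name__ == "__main__":
    # Constructed timeline: clean enrollment, later jailbreak, never fixed.
    for action in replay([(0, False), (3600, True), (7200, True), (90001, True)]):
        print(action.value)
```

Connectivity is refused from the first compromised report; the window only delays the unenroll or wipe step.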
MDM & ITSM
Business IT teams
look for MDM solutions with the
rising popularity of BYOD in enterprises. However, there is a disconnect
between MDM and ITSM (IT Service Management) strategies, which results in
inefficiencies and misunderstandings. Enterprises should efficiently integrate
MDM capabilities into their existing ITSM platforms to gain control over all
assets such as desktops, laptops and mobile devices from a single focal point.
This results in increased consistency and transparency throughout the
organization. Integrated solutions allow for complete control of
devices, including enforcing passcodes, detecting jailbreaks or rooting,
remotely locking or wiping lost or stolen devices, and
remotely configuring WiFi or email settings.
Conclusion
There are many
MDM products available in the market suited to the specific needs of the
enterprise and its security. The complex legal impact of the BYOD practice
should be carefully considered by employing a multi-factor approach. Security
in a BYOD program results in a reasonable personal device usage policy which
mitigates the risks, and it is truly a win/win for the users and the
organizations.
by Emma Watson