Business Management

Jeremy D'Hoinne (Global) - Ongoing Security Challenges Faced by "BYOD"

Enterprises will need to face up to and embrace the ongoing security challenges faced by the "BYOD" (Bring Your Own Device) phenomenon, as 2013 will bring more chaos.

Research by IT analyst group Ovum reported recently on the host of challenges enterprises are facing when dealing with the latest ongoing "bring your own device" trend. It pointed to the escalating security issues being faced by corporates of all sizes as IT consumerisation takes hold across the globe. And we've only just scratched the surface; 2013 will see this continuing trend bring more chaos to enterprises as they grapple to understand and deal with employee expectations and consume all the benefits that BYOD can bring. Although creating a huge opportunity for today's enterprise, the threat to security is enormous.

As employees access IT resources outside the firewall using their own laptops and a host of other mobile devices, IT assets are shifting from inside to outside the corporate firewall. Historically, preventing unauthorised access to individual devices was challenging enough e.g. blocking USB ports, CD-ROMs, unwanted network file transfers - so it's an understatement that the IT professional is facing a much bigger challenge.

As increasing technology innovation delivers newer and smarter devices, so the complexity of BYOD and its inherent security issues will increase. As we head into 2013, mobile device management will also be key, and since the likes of Windows 8 bring 140 form factors to market, things are likely to get a lot worse.

Adapting and deploying security policies now, is the only sure way the Enterprise and the IT professional can resurface unscathed.

Policies admitting only company devices are doomed
Adapting security policies and applying different security profiles means IT departments can keep ahead of the game, but this is a genuine challenge. As we know, it is a common, and valid, security policy to admit only company devices and to block access from everything else. The only problem with this is that unfortunately it doesn't work. There are just too many device changes and too many requests for remote access. How can IT refuse the VP of sales who demands access to his email while traveling overseas? He is an Apple fan and doesn't want the offered obsolete 3GS for which you've negotiated a good deal - which means the security policy is in trouble right away.

Unified security gateways are the nirvana
The reality is that businesses don't have a choice. Application-level security policy should replace device-based access-lists - whatever the device is - personal or corporate. However, this does not mean the devices are forgotten completely. There just needs to be a way to recognise them and apply different security profiles accordingly. Technology can help with this - a unified security gateway should be able to manage local and remote access, automatically identify the applications and devices in use, and apply different security inspection strategies based on this information.

Tracking the different usages and automatically adapting security policies gives an all-important advantage over a simple blocking strategy: businesses know what's happening. This enables them to act on the most important link in the overall security chain: its users.

Every business needs to evaluate and plot a strategy on BYOD, even if it intends not to allow it. In 2013, we'll see BYOD expanding beyond personal devices, into the realms of applications and social networks, and the implications for organisations of all sizes will become more complex. Now is the time to embrace it, and do everything possible to make the corporate network as secure as it can be.


By Jeremy D'Hoinne, NETASQ



« Ian Dixon (Global) - No Short Cuts When It Comes To Mitigating Downtime Risk


Tony Virdi (Global) - Evolution of a Cashless Society: Taking a Lesson from Emerging Markets »


Do you think your smartphone is making you a workaholic?