EXPERT SPEAK
Although the cutting-edge technologies to support this demand have increased productivity and efficiency, they also pose a risk. The main concern for companies when it comes to BYOD continues to be the risk of malicious employees or data leaked by mistake.
As mobile platforms become more integrated and common in the workplace, when a device is lost or stolen, there is a high possibility of putting data and credentials at risk. Many organisations view security as a technical issue. However, it is important that they realise employees also have a part to play in the security of the business. It is much easier for cybercriminals to target the employee than the business itself, so educating employees on how to mitigate security risks should form an integral part of any IT security strategy.
As more employees bring their own devices into the workplace and use cloud, virtualisation and social networking, businesses now face the challenge of enforcing corporate security policies on consumer devices that are not solely controlled by the IT department. This lack of control exposes businesses to security vulnerabilities in the form of data breaches and unauthorised access. Therefore, getting security controls and policies right is vital.
The methods cybercriminals use to exploit employees are still the same as a decade ago; the difference now is that the number of exposed points has increased. For example, in addition to the corporate PC, employees now have a host of personal devices and social media platforms for hackers to target. With so many different attack vectors, there are more opportunities for cybercriminals to compromise security, improving their success rate.
A central part of the BYOD strategy is extending the existing authentication schemes to mobile devices. BYOD should not create any extra costs and it is important to lower the IT burden by using the same access platform for all endpoints.
Centrally managed access for all resources (networks, cloud applications, VPNs, VDIs, web-based applications) is highly recommended. While a lot of people would be happier if their device at work was managed by their operator, it is imperative for operators to address the end-user security concerns. Operators need to work together with company IT managers to incorporate BYOD security strategies, as keylogging malware can be downloaded simply when a staff member decides to use the USB port on their office PC to charge their device.
As with endpoints, operators need to provide central management access for smartphones, tablets, notebooks, laptops and desktops. Lastly, it is important to keep it scalable, as more mobile devices and endpoints will need to be supported over time.
The best practices to minimise threat surfaces for mobile devices are the implementation of strong authentication measures, e-mail and data encryption for high-level executives, and ensuring digital signatures are enforced.
To address any related security concerns, the market technologies that organisations can use are mobile device management and one-time password applications. While mobile device management technology provides the ability to create a secure area within the device that is dedicated to corporate functions and applications, one-time passwords provide stronger access control by using the device as an authenticator.
Adopting a holistic security strategy that offers multiple layers of protection such as encryption, access controls, encryption key management, network security, mobile device management as well as one-time password technologies and strong authentication is important. But it is also important to mitigate the risk posed by human error.
Mobility is the future of the workforce and, as long as mobile devices continue to be used in business, having the right BYOD policies in place will help mitigate the security risks. A clearly defined policy outlining the rules of engagement should be enforced and the potential issues addressed upfront. Technology will keep evolving, so enterprises large or small need to be prepared for what the future brings.
50 Issue 02 INTELLIGENT TECH CHANNELS