Story image

Opinion: BYOD can be secure with the right measures

25 Mar 2019

By Bitglass CTO Anurag Kahol

Bring your own device (BYOD), in which employees work from personal devices such as mobile phones and laptops, is quickly becoming the norm in today’s business environment.

Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.

85% of organisations now allow BYOD for at least some of their stakeholders, including employees, contractors, partners, customers, and suppliers.

However, BYOD does change an organisation’s threat landscape and requires security tools that differ from those used to protect managed devices.

Some believe that BYOD is inherently riskier than the traditional way of operating.

Consider the following findings from a recent report on BYOD and security:

  • One in five organisations lacks visibility into basic, native mobile apps on personal devices
  • Only 56% of companies employ key functionality like remote wipe for removing sensitive data from endpoints
  • 43% of organisations don’t know if any BYO or managed devices downloaded malware, indicating a significant lack of visibility
  • 24% of organisations don’t secure email on BYOD at all.

These statistics indicate that companies are not entirely prepared to secure data in BYOD environments.

In addition to the above, 51% of respondents believe that the volume of threats targeting mobile devices will continue to increase.

Because many BYO devices are personal mobile endpoints, these trends continuing unabated will lead to many breaches in the future.

While 15% of companies still do not allow BYOD, it is possible that in the coming years, they will alter their practices in order to maintain a competitive stance in the market.

Additionally, when implementing BYOD, it is essential that these organisations add proper security controls concurrently – not weeks, months, or years after the fact.

Some of these controls include the following:

  • Single sign-on (SSO): The absolute minimum requirement for basic identity and access management (IAM) in cloud and BYOD environments. SSO serves as a single entry point which securely authenticates users across all of an enterprise’s cloud applications.
  • Multi-factor authentication: A tool that requires a second method of identity verification before employees or other users are allowed to access resources.
  • For example, after inputting their passwords, users may be prompted to verify their identities through an SMS token sent via email or text, Google Authenticator, or a hardware token that they carry physically.
  • User and entity behaviour analytics (UEBA): Analytics that provide a baseline for normal user activity and detect anomalous behaviour and actions in real time, allowing IT departments to respond accordingly and automatically.
  • Data loss prevention (DLP): Various tools capable of allowing, blocking or providing intermediate levels of data access; for example, through redaction, digital rights management (DRM), and more.
  • Selective data wipe: This allows administrators to wipe all corporate data from a device without affecting personal data; for example, photos, contacts, calendar events, emails, text messages, and other items.

In BYOD environments, employing all of these tools and best practices requires that organisations leverage agentless solutions deployed in the cloud.

Tools that demand software installations on personal devices invade user privacy and harm device functionality.

This frustrates employees, impedes deployments, and counters the many benefits of BYOD.

Fortunately, agentless tools are capable of securing data without these disadvantages – all while offering highly specialised capabilities.

For example, agentless advanced threat protection can detect and halt threats as they are uploading to an application, as they are being downloaded to a device, or when they are at rest within the cloud.

BYOD can be fully secured if companies leverage the proper tools.

However, organisations that insist on securing personal devices with the same strategies used to protect corporate endpoints will continue to find that they are incapable of protecting their data.

Through an agentless approach that leverages the above tools, companies can embrace the benefits of BYOD without compromising on data protection.

Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
How Huawei aims to enhance IP networks
'We believe that the intelligent IP networks built with the four-engine series products can continuously empower users with business intelligence."
Earth Day 2019: How tech firms can support our planet's wellbeing
Six industry experts explain how they - and other tech organisations - can positively contribute to the wellbeing of our earth.
ExaGrid and Zerto announce an integrated solution for backup and recovery
“In an age of continuous digital transformation, businesses require new levels of resilience from their DR and backup solutions."
Huawei announces the launch of Atlas AI
The Huawei Atlas AI computing platform is powered by Huawei's Ascend series AI processors.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
What to expect from the Surface Hub 2S
Microsoft has released details about the next iteration of the Surface Hub featuring mobility, reduced weight and a 85in version in the works.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.