Story image

Opinion: BYOD can be secure with the right measures

25 Mar 2019
Twitter
Facebook

By Bitglass CTO Anurag Kahol

Bring your own device (BYOD), in which employees work from personal devices such as mobile phones and laptops, is quickly becoming the norm in today’s business environment.

Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.

85% of organisations now allow BYOD for at least some of their stakeholders, including employees, contractors, partners, customers, and suppliers.

However, BYOD does change an organisation’s threat landscape and requires security tools that differ from those used to protect managed devices.

Some believe that BYOD is inherently riskier than the traditional way of operating.

Consider the following findings from a recent report on BYOD and security:

  • One in five organisations lacks visibility into basic, native mobile apps on personal devices
  • Only 56% of companies employ key functionality like remote wipe for removing sensitive data from endpoints
  • 43% of organisations don’t know if any BYO or managed devices downloaded malware, indicating a significant lack of visibility
  • 24% of organisations don’t secure email on BYOD at all.

These statistics indicate that companies are not entirely prepared to secure data in BYOD environments.

In addition to the above, 51% of respondents believe that the volume of threats targeting mobile devices will continue to increase.

Because many BYO devices are personal mobile endpoints, these trends continuing unabated will lead to many breaches in the future.

While 15% of companies still do not allow BYOD, it is possible that in the coming years, they will alter their practices in order to maintain a competitive stance in the market.

Additionally, when implementing BYOD, it is essential that these organisations add proper security controls concurrently – not weeks, months, or years after the fact.

Some of these controls include the following:

  • Single sign-on (SSO): The absolute minimum requirement for basic identity and access management (IAM) in cloud and BYOD environments. SSO serves as a single entry point which securely authenticates users across all of an enterprise’s cloud applications.
  • Multi-factor authentication: A tool that requires a second method of identity verification before employees or other users are allowed to access resources.
  • For example, after inputting their passwords, users may be prompted to verify their identities through an SMS token sent via email or text, Google Authenticator, or a hardware token that they carry physically.
  • User and entity behaviour analytics (UEBA): Analytics that provide a baseline for normal user activity and detect anomalous behaviour and actions in real time, allowing IT departments to respond accordingly and automatically.
  • Data loss prevention (DLP): Various tools capable of allowing, blocking or providing intermediate levels of data access; for example, through redaction, digital rights management (DRM), and more.
  • Selective data wipe: This allows administrators to wipe all corporate data from a device without affecting personal data; for example, photos, contacts, calendar events, emails, text messages, and other items.

In BYOD environments, employing all of these tools and best practices requires that organisations leverage agentless solutions deployed in the cloud.

Tools that demand software installations on personal devices invade user privacy and harm device functionality.

This frustrates employees, impedes deployments, and counters the many benefits of BYOD.

Fortunately, agentless tools are capable of securing data without these disadvantages – all while offering highly specialised capabilities.

For example, agentless advanced threat protection can detect and halt threats as they are uploading to an application, as they are being downloaded to a device, or when they are at rest within the cloud.

BYOD can be fully secured if companies leverage the proper tools.

However, organisations that insist on securing personal devices with the same strategies used to protect corporate endpoints will continue to find that they are incapable of protecting their data.

Through an agentless approach that leverages the above tools, companies can embrace the benefits of BYOD without compromising on data protection.

Story image
Yesterday
Patching: Reducing the gap between exposure and remediation
On average, it takes an organisation 90-120 days to deploy a patch to their devices, which is too big a gap between a patch being released and it being deployed.More
Story image
14 Nov
Splunk in the wild: the ‘data to everything’ platform in action
With a platform offering that professes to ‘do everything with your data’, Splunk’s solutions come alive in its use cases and with customers who are taking the technology and using it to solve specific pain points or to extend capabilities.More
Story image
13 Nov
Microsoft showcases innovations in new Asia Pacific HQ
Almost 145,000 metres of cabling, 200 display screens, 179 Bluetooth beacons and 900 sensors make up Microsoft’s new Asia Pacific headquarters in Singapore, which is now home to the region’s first Microsoft Experience Centre.More
Story image
08 Nov
Addressing the cybersecurity skills gap
Cybersecurity is consistently rated as one of the most problematic skills shortage areas in the enterprise, Skillsoft says.More
Link image
Whitepaper: The state of play of A/NZ cybersecurity
There’s no denying the cybersecurity challenges: lack of skills, compliance and the changing threat landscape are just the tip of the iceberg.More
Story image
13 Nov
Moving to a multi-cloud environment? Eliminate security gaps with Fortinet
Multi-cloud environments are the new normal and securing them in a unified manner can be problematic – but not with Fortinet’s comprehensive multi-cloud-based Security Fabric.More