itb-au logo
Story image

Opinion: BYOD can be secure with the right measures

25 Mar 2019

By Bitglass CTO Anurag Kahol

Bring your own device (BYOD), in which employees work from personal devices such as mobile phones and laptops, is quickly becoming the norm in today’s business environment.

Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.

85% of organisations now allow BYOD for at least some of their stakeholders, including employees, contractors, partners, customers, and suppliers.

However, BYOD does change an organisation’s threat landscape and requires security tools that differ from those used to protect managed devices.

Some believe that BYOD is inherently riskier than the traditional way of operating.

Consider the following findings from a recent report on BYOD and security:

  • One in five organisations lacks visibility into basic, native mobile apps on personal devices
  • Only 56% of companies employ key functionality like remote wipe for removing sensitive data from endpoints
  • 43% of organisations don’t know if any BYO or managed devices downloaded malware, indicating a significant lack of visibility
  • 24% of organisations don’t secure email on BYOD at all.

These statistics indicate that companies are not entirely prepared to secure data in BYOD environments.

In addition to the above, 51% of respondents believe that the volume of threats targeting mobile devices will continue to increase.

Because many BYO devices are personal mobile endpoints, these trends continuing unabated will lead to many breaches in the future.

While 15% of companies still do not allow BYOD, it is possible that in the coming years, they will alter their practices in order to maintain a competitive stance in the market.

Additionally, when implementing BYOD, it is essential that these organisations add proper security controls concurrently – not weeks, months, or years after the fact.

Some of these controls include the following:

  • Single sign-on (SSO): The absolute minimum requirement for basic identity and access management (IAM) in cloud and BYOD environments. SSO serves as a single entry point which securely authenticates users across all of an enterprise’s cloud applications.
  • Multi-factor authentication: A tool that requires a second method of identity verification before employees or other users are allowed to access resources.
  • For example, after inputting their passwords, users may be prompted to verify their identities through an SMS token sent via email or text, Google Authenticator, or a hardware token that they carry physically.
  • User and entity behaviour analytics (UEBA): Analytics that provide a baseline for normal user activity and detect anomalous behaviour and actions in real time, allowing IT departments to respond accordingly and automatically.
  • Data loss prevention (DLP): Various tools capable of allowing, blocking or providing intermediate levels of data access; for example, through redaction, digital rights management (DRM), and more.
  • Selective data wipe: This allows administrators to wipe all corporate data from a device without affecting personal data; for example, photos, contacts, calendar events, emails, text messages, and other items.

In BYOD environments, employing all of these tools and best practices requires that organisations leverage agentless solutions deployed in the cloud.

Tools that demand software installations on personal devices invade user privacy and harm device functionality.

This frustrates employees, impedes deployments, and counters the many benefits of BYOD.

Fortunately, agentless tools are capable of securing data without these disadvantages – all while offering highly specialised capabilities.

For example, agentless advanced threat protection can detect and halt threats as they are uploading to an application, as they are being downloaded to a device, or when they are at rest within the cloud.

BYOD can be fully secured if companies leverage the proper tools.

However, organisations that insist on securing personal devices with the same strategies used to protect corporate endpoints will continue to find that they are incapable of protecting their data.

Through an agentless approach that leverages the above tools, companies can embrace the benefits of BYOD without compromising on data protection.

Link image
Why it's crucial to normalise proper security training for remote working
Knowing and implementing best practices for remote security can save money, time and headaches. It starts with a quality solution to safeguard the workforce.More
Story image
Beyond Limits hits $133 million in Series C investment round
The company, which focuses on demanding sectors such as energy, utilities and healthcare, says the investment will help to drive the global expansion of AI technology. More
Link image
<span class="coloured">Unleash the intelligent way to automate at Pega Discover – Intelligent Automation</span>
Find out how the world’s largest brands are accelerating business and simplifying systems in this two-hour, interactive virtual event. By the end you’ll be primed to start getting business done smarter and faster while scaling toward your biggest business goals. Register Now.More
Story image
4 steps to overcome common infrastructure monitoring challenges
By taking steps to create visibility across their entire tech stacks, companies can create a modern environment and a culture of visibility while gaining full observability across their infrastructure. More
Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
DevOps & IT teams feel pressure to keep digital services online during pandemic
Many DevOps and IT teams spend more than 10 extra hours per week dealing with a 47% rise in incidents.More