• Home
• Telecoms & IT
• News Article

The age of enterprise Mobility and BYOD - Is your organization secure?

Stephan Berner, managing director at help AG, a strategic information security consulting specialist in the Middle East, says that BYOD offers a number of benefits- the shift of operational expenses to the employee, with the worker bearing the cost of hardware, voice and data services and other related expenses; round the clock connectivity; and plain employee satisfaction. Also, given that the devices are not subject to slow upgrade cycles and infrastructure upgrade policies, they tend to be more cutting- edge allowing the enterprise to avail of the latest features and capabilities.

The problem enterprises face today is how to give their employees both flexibility and mobility, while securing the enterprise.

Be Malware Aware

One unwritten rule of malware is that when an operating system has reached 10% market penetration you will start seeing virus and malware being written for it. Smartphones and mobile devices are no different. Worldwide, the two big players in the market- Google's Android and Apple's iOS- are in a constant battle against threats. The Android system is by far the most heavily targeted. A report by Juniper Networks showed a 472 percent increase in Android malware samples since July 2011[2]. This is largely due to the open nature of the Android marketplace which allows app developers to post apps to the marketplace without stringent application control. Thanks to tight regulation, the Apple App Store has been far more secure but there is always a possiblity of malware being installed on a jailbroken Apple device since jailbreaking of the device bypasses Apple's software control.

BlackBerry devices which remain popular in the Middle East are almost untouched due to RIM's tight control around the APIs to the BlackBerry operating system. This control does however affect the openness of the platform negatively which is why the number of applications available for BlackBerry platform is rather limited as compared to iOS and Android.

While malware targeting mobile devices is undoubtedly on the rise, mobile malware should not be a top priority concern for most large businesses. Companies instead should lay emphasis on mobile device security. As workers now use more powerful mobile devices, companies need to be concerned with the physical security of mobile devices and about what mobile devices are downloading from their networks.

Addressing the Employee Factor

The employee still remains at the heart of discussion. Unmonitored access to information even in the form of a synched email account should be perceived as a security liability. What the IT department needs to address is a consistent way to manage personal devices. This includes formulating accepted guidelines for the use of BYOD in the workplace as well as educating employees on how to protect their devices from potential threats.

When addressing the issue of securing 'prosumer' devices, those which assume both a professional and consumer role, enterprises need to answer the following questions- is there need for device encryption; who will implement endpoint security measures such as antiviruses; and will the organization have remote control over the device such as removing/installing applications, monitoring running applications, or even terminating an application in real-time.

With BYOD, information takes precedence- it is the organization's information that is the liablity and not the underlying hardware. Loss or the uncontrolled leakage of data can have a huge business impact. IT departments can employ safeguards such as placing a thin client with suitable authentication on a smart-phone. This can be configured to allow employees to connect to the corporate network while preventing the removal of data.

Another effective method of controlling data leakage and access to sensitive data on the device is sandboxing . This is possible through an application which when installed creates an encrypted area for data storage. This data can be shredded/ deleted if necessary and no other application can access this data area unless the corporate policy allows it.

It is also essential that IT department retains the ability to secure, control and remotely erase corporate data on employee-owned devices in the event of a security breach, if the employee leaves or the device is lost or stolen.

With the future of mobile computing advancing at a rapid pace, the increased use of high-tech personal devices at the workplace is only but inevitable. Organizations should recognize that BYOD is very much here to stay and should have policies in place to ensure that they are prepared. Most of all, the push for the adoption of enterprise mobility should not be driven by "what is possible" but instead by "what is possible in a SECURE way".

© Zawya 2012