Everyone wants to have the latest technology and the coolest device. Consequently, we are breaking our corporate perimeter, and we will keep doing that, bringing disruption in what once was the preserve of the business: information technology.
This is the era of consumerisation, with devices that are as capable and powerful as – or even more powerful than – the computers in the office.
We are witnessing an era in which information is stored almost everywhere – in your computer, in your backup, in the cloud, in your cloud provider's backup, in your mobile device. Too many places that are difficult to manage.
But we cannot give up. Bring your own device (BYOD) and consumerisation are not just passing fads. They are here to stay. It is inevitable, because it is within our human nature to go beyond the rules, to move forward on the very next wave of information technology.
Meanwhile, the BYOD phenomenon keeps growing, and it seems no one can stop it. As enterprises' security policies come to allow BYOD, what can organisations do to increase awareness among employees and improve their understanding of the risks?
Manage BYOD risks
My advice to companies is to embrace BYOD – to adopt and adapt to this emerging trend, and provide the countermeasures to defend the company and protect the brand.
This can be done through a number of steps:
- Define policies and design processes and procedures to protect intellectual property and sensitive information.
- Set expectations so everybody knows what will happen if the device is stolen or lost. Every user must know the backup approach, the retention policies, the wipe-out capabilities, etc.
- Use technology to classify information and define the limits of its use.
- Assign information owners who are responsible for its use.
- Perform regular audits to understand how the information is being used, by whom, when, from/to where and how. Use Isaca’s BYOD audit programme, available here.
- Manage digital identities wisely and incorporate the BYOD angle within the identity management of your company. Then move towards access governance.
- Include the devices within the corporate asset management programme. Through this, you will know whether they need patching, and you will be aware of their potential vulnerabilities. It is the only way to embrace a network access control (NAC) approach.
- Involve human resources and IT departments so that, together, you can find the right balance for the BYOD challenge.
BYOD might sound like an invitation (bring), but it actually is more of a rebellion (I'm bringing). We need to get ready, and have the right mindset when it comes to protecting critical information and defending the brand.
Consider all your company’s in/out vectors and make good use of the triad people-process-technology. It is the only way to succeed in a world that goes fast. Maybe, too fast.
Ramsés Gallego is international vice-president of Isaca, and security strategist and evangelist at Quest Software, now part of Dell.
This was first published in March 2013