Recent studies show 90% of employees use their latest personal devices in the workplace. Consequently, the bring your own device (BYOD) trend is rapidly changing the way employees access enterprise systems including email, FTP and databases.
However, BYOD poses serious risks. To many CIOs and IT managers, it represents a loss of control, complex mobile device management and a fear of the unknown security risk. Some have called it "bring your own disaster". The problems are further augmented by the frequent changes in the handheld devices and tablets themselves.
As organisations devise new policies, remote device management and application build strategies, CIOs and IT Consultants can minimise the security threat associated with BYOD adoption by taking a three-dimensional approach involving a focus on people, process and technology.
People: Employees using their personal devices to access enterprise applications are perhaps the weakest link with respect to security. Inadvertently, they can expose the enterprise data beyond corporate boundaries or can become vehicles for malicious Trojans creeping into the enterprise environment. However, they are important to BYOD success in organisations.
As a first step, educating employees about the dos and don’ts of leveraging personal devices for enterprise access is a must. In this context, updating end-user access agreements or policies and providing documentation of the same to users is crucial.
They must be made aware of the signs of social engineering attacks and the security best practices they are required to follow to ensure they don’t unwittingly expose the enterprise’s IT environment to a security breach.
Employees must also be made aware of their rights versus their privileges, which will greatly assist with protecting enterprise data.
In essence, taking employees into confidence and making users aware of the threats, along with actionable advice on dealing with the issues, can to a large extent facilitate a smooth BYOD deployment.
BYOD is taking hold in the enterprise, regardless of organisations’ consent or lack of it. A company-authorised BYOD programme is a safer option. The merits of BYOD are undeniable – as the traditional divide between work and personal life blurs, BYOD enables company executives and sales personnel to use a single device for all types of communication and enjoy the enhanced user experience such gadgets offer to increase efficiency and productivity.
To successfully deploy BYOD, the human element plays a critical role. Employees are the first line of defence and complement IT controls to ensure effective and secure roll out of BYOD strategy. Their participation is crucial.
Process and technology are the other key factors that require careful consideration to ensure successful deployment of BYOD. These will be discussed in part two, which will look at the processes and technologies associated with BYOD.
Munish Gupta, CISSP, is a security architect in the cloud division of Infosys and Souvik Khamaru is a senior security architect in the cloud division of Infosys
This was first published in January 2013