Security Think Tank: BYOD means the map is no longer the territory

With the growth of BYOD and personal cloud at work, how can IT ensure the security of corporate data and does MDM have a role?

In the modern enterprise, the map is no longer the territory, writes Adrian Wright. The "map" in this case represents the inventory and network diagrams that used to tell IT people where all the systems and endpoints were on their network, while the "territory" represents the reality of what is actually out there and connecting in.

Prior to the mobile and bring your own device BYOD explosion, the map and the territory were pretty much the same, give or take, but I believe this is no longer the case and is becoming less so every day.

The unstoppable trend is that more employees are using their own smartphones and tablets for work, creating an upward surge of consumer mobile devices accessing corporate networks and storing corporate data. Organisations must prepare themselves for a world where the dominant endpoint is not a desktop computer, but a mobile device.

Latest research shows nearly three-quarters of smart device owning professionals are using those personal devices to access company data, yet more than three-quarters of organisations are failing to manage that activity effectively.

Some time ago I wrote an article entitled You can’t protect what you don’t know you’ve got, and this challenge of finding out what, where and how myriad personal devices are connected and what amount and value of your corporate data is on them, is the primary question you need to answer before attempting to secure anything.

The definition of what constitutes the "personal cloud" remains an area of intense debate. Most purchasers of popular smartphones will be automatically granted access to a personal cloud like Google or iCloud for backing up and providing extended storage for their device, and this is a good starting point in defining what the personal cloud is, and where some of your corporate data might already be.

Mobile device management MDM is certainly a route to take if BYOD is identified as a growing risk, but where you start depends to what degree BYOD has already been allowed to creep in by stealth.

Most devices connect wirelessly and many employees have connected their device to the network by finding out the wireless password. So once you have MDM in place, you might consider changing all the wireless passwords to force users off the network before allowing them back on in a more controlled, inventoried and secured way.

Adrian Wright is research vice-president for the UK Chapter of the Information Systems Security Association (ISSA)

Read more on Endpoint security