70cc710850b21f2cd1027a96d266b2e7aaf4081a

Mitigating BYOD Data Security and Risks



Bring Your Own Device

The rapid pace by which organizations embraces the use of the employees’ own devices to access company data gives rise to several issues that organization must answer to adhere to their data security system commitment. As defined, BYOD (Bring Your Own Device) is the use of employee-owned mobile devices such as smartphones and tablets to access company data contents and networks.

At a time when IT people thought they have had the local network locked down and to some extent secured, BYOD came up and brings with it a litany of unpredicted security challenges. However, an effective BYOD policy can lead to many advantages for companies, such as employee satisfaction, job efficiency, and flexibility as well as providing savings initially from device purchases to the continuing usage and IT support as employees invest in their own devices. 

Photo Source: Venture Beat

How can organizations secure data in a BYOD environment? 

In seeking to implement a BYOD solution, it is of utmost importance that organizations identify its objectives and benefits as well as take into consideration the account security, data, and audit protection requirements. To shield against many security vulnerabilities involved in operating a BYOD stratagem, organizations must recognize the logic and advantages related to allowing employees to gain access from mobile gadgets, likewise putting into effect a perfect security policy to allow it. Furthermore, organizations need to address BYOD issues before permitting employees to bring their own devices to work. These issues should not exclude in ensuring that work data would not be merged with an employee’s data and in case non-employees, such as family members who will use the device, do not have access to work data and most importantly what will happen when an employee loses the device or resigns. 

Organization’s BYOD Objectives 

To seamlessly incorporate BYOD into the objectives of the organization, a multidisciplinary team shall be formed to develop a fully coordinated BYOD strategy that includes IT, legal, human resources, and all organizational departments. IT security personnel can provide organization-provided mobile apps that utilized an encrypted link to directly communicate with company servers, allowing employees an appropriate, user-friendly system for secured remote access. This app could be connected to the mobile device with an MES (Microsoft Exchange Server), thereby permitting the user/s access to contacts, emails, notes, and calendar. To obtain maximum protection, the only information that is instantly needed for display shall be forwarded to that mobile appliance of an employee. In addition, data shall be loaded only into the central memory provided the program is still active. As soon as the program is inactive, not a single data will continue to exist firmly on the appliance, thus in case a device is lost or whatever, there will never be any risk of data being breached, for reason that all the information remains stored on the company servers and not on the device. Also providing organization-provided mobile apps could prevent warrantless access by simply requiring a login procedure and a password.

Photo Source: Digital Guardian

Moreover, the organization should have a BYOD strategy in place that will include MDM (Mobile Device Management), giving IT access to any mobile devices that may have access to the organization’s network along with the potential to revoke access or even expunge a device if it is lost and draw up strategies and protocols for accessing organization data from remote access points. Furthermore, it is foremost to provide an IAM (Identity Access Management) solution to employees that offers two-factor authentication. By mandating every BYOD user the use of more than a single factor authentication, the organization can be more than self-assured that an employee’s device hasn’t simply fallen into the wrong hands. 

Lastly, although there are countless challenges that IT faces in dealing with BYOD, such as data risk-management challenges, empowerment, and usage challenges, IT must anticipate adopting and enforcing a BYOD policy and program as part of its services to the organization.

 

__________________________________________________________________________

  

References:

1. Digital Guardian | BYOD Security: Expert Tips on Policy, Mitigating Risks, & Preventing a Breach

2. ComputerWeekly.com | BYOD:data protection and information security issues

3. WatchGuard | BYOD: Bring Your Own Device – or Bring Your Own Danger?



This site is reader-supported. Hence, it may earn a small commission from affiliated partners for qualifying purchases should you choose to buy through our links.


Post a Comment

Previous Post Next Post