Bring Your Own Device
The rapid pace by which organizations embraces the use of the employees’ own devices to access company data gives rise to several issues that organization must answer to adhere to their data security system commitment. As defined, BYOD (Bring Your Own Device) is the use of employee-owned mobile devices such as smartphones and tablets to access company data contents and networks.
At a time when IT people thought they have had the local network locked down and to some extent secured, BYOD came up and brings with it a litany of unpredicted security challenges. However, an effective BYOD policy can lead to many advantages for companies, such as employee satisfaction, job efficiency, and flexibility as well as providing savings initially from device purchases to the continuing usage and IT support as employees invest in their own devices.
Photo Source: Venture Beat |
How can organizations secure data in a BYOD environment?
In seeking to implement a BYOD solution, it is of utmost importance that organizations identify its objectives and benefits as well as take into consideration the account security, data, and audit protection requirements. To shield against many security vulnerabilities involved in operating a BYOD stratagem, organizations must recognize the logic and advantages related to allowing employees to gain access from mobile gadgets, likewise putting into effect a perfect security policy to allow it. Furthermore, organizations need to address BYOD issues before permitting employees to bring their own devices to work. These issues should not exclude in ensuring that work data would not be merged with an employee’s data and in case non-employees, such as family members who will use the device, do not have access to work data and most importantly what will happen when an employee loses the device or resigns.
Organization’s BYOD Objectives
To seamlessly
incorporate BYOD into the objectives of the organization, a multidisciplinary
team shall be formed to develop a fully coordinated BYOD strategy that includes
IT, legal, human resources, and all organizational departments. IT security
personnel can provide organization-provided mobile apps that utilized an
encrypted link to directly communicate with company servers, allowing employees
an appropriate, user-friendly system for secured remote access. This app could
be connected to the mobile device with an MES (Microsoft Exchange Server),
thereby permitting the user/s access to contacts, emails, notes, and calendar.
To obtain maximum protection, the only information that is instantly needed for
display shall be forwarded to that mobile appliance of an employee. In
addition, data shall be loaded only into the central memory provided the
program is still active. As soon as the program is inactive, not a single data
will continue to exist firmly on the appliance, thus in case a device is lost
or whatever, there will never be any risk of data being breached, for reason
that all the information remains stored on the company servers and not on the
device. Also providing organization-provided mobile apps could prevent
warrantless access by simply requiring a login procedure and a password.
Photo Source: Digital Guardian |
Moreover, the organization should have a BYOD strategy in place that will include MDM (Mobile Device Management), giving IT access to any mobile devices that may have access to the organization’s network along with the potential to revoke access or even expunge a device if it is lost and draw up strategies and protocols for accessing organization data from remote access points. Furthermore, it is foremost to provide an IAM (Identity Access Management) solution to employees that offers two-factor authentication. By mandating every BYOD user the use of more than a single factor authentication, the organization can be more than self-assured that an employee’s device hasn’t simply fallen into the wrong hands.
Lastly, although there are countless challenges that IT faces in
dealing with BYOD, such as data risk-management challenges, empowerment, and usage
challenges, IT must anticipate adopting and enforcing a BYOD policy and program
as part of its services to the organization.
__________________________________________________________________________
References:
1. Digital Guardian | BYOD
Security: Expert Tips on Policy, Mitigating Risks, & Preventing a Breach
2. ComputerWeekly.com | BYOD:data protection and information security issues
3. WatchGuard | BYOD: Bring Your Own Device – or Bring Your Own Danger?
This site is reader-supported. Hence, it may earn
a small commission from affiliated partners for qualifying purchases should you
choose to buy through our links.