BYOD or Bring-Your-Own- … Ostrich?

When it comes to the bring-your-own-device (BYOD) movement, there are essentially two types of organizations: those that have programs in place to support it, and those that pretend that, because they have forbidden the practice, it isn’t happening. In the latter group, in which employees are doubtless bringing their own devices, the IT professionals tasked with network security have brought their own ostrich — and its head is buried firmly in the sand.

We all know that mobile devices such as smartphones and tablets bring additional risks. The same can be said of any employee-owned device, including laptops and desktops. Would we like to minimize risk? Of course. But which of the following is riskier?

  • Letting employees who may know little about threats or mitigation strategies sort out what the most appropriate defenses are, install the proper tools, configure them for optimal usability/security and maintain all this in the face of an ever-changing backdrop of newly-discovered vulnerabilities and attack types.
  • Letting subject matter experts chart the course and enable members of the user community to focus on their daily jobs.

Bear in mind that there is not a third option since the devices will inevitably make their way into the environment in one way or another. The only question is whether firms want the employees bringing in these devices to decide on a security strategy for themselves or to allow professionals to provide the necessary training and infrastructure to guide the process.

A Brief History Lesson

Remember when all computing was done under tightly controlled environments? All computers were on raised floors behind access-controlled doors, with security guards logging everyone’s comings and goings, all under constant surveillance by security cameras. (Alright, so maybe some of you don’t remember this. Just take my word for it. It really happened.)

Then, the first PCs burst onto the scene, and the idea that sensitive data might now sit on or under someone’s desk in an open cubicle caused the security department to break out in hives. As if that weren’t enough, laptops soon started showing up, and it was as if the data center had grown legs and could now be carried to and from external meetings just as easily as it could end up at the beach with an employee wanting to check email from time to time while on vacation. Worse still, this precious resource could get nabbed from a hotel room or car seat and wind up in the hands of a competitor in short order. By that point, the hives were breaking out in hives of their own.

But, as we all know, it didn’t stop there. Now, we have mobile devices with the power and storage capacity of yesterday’s mainframes in a size that fits conveniently in an employee’s pocket — or on the floor of the taxi that employee took an hour ago. At this point, the medical analogies fail me.

The point is that, with each turn of the technological crank, doomsayers have predicted the end of IT security as we know it; and yet, life goes on. Not only has the world not come to an end, but smart organizations have figured out how to ride the waves of new technology and improve their competitiveness in the process. When viewed from this historical perspective, it becomes clear that those companies that figure out how to leverage change and manage risk are going to be the winners. The others? Well, we will get to read about them in the history books.

BYOD Is Just the Beginning

It’s not only devices that employees are introducing into the equation; it’s also public cloud services such as iCloud, Gmail, Dropbox, Evernote and so on. In fact, the more we move to mobile devices with always-on Internet connections, the more we are going to leverage these capabilities because they were made for each other. Any attempt to pre-emptively block all public cloud services is just as likely to fail as an attempt to prohibit the use of smartphones and tablets for business purposes. The better strategy is, once again, to figure out how to get out in front of the trend and exercise prudent control over how these devices and services can be used in a secure manner instead of simply forbidding them and running the risk of driving their use underground, where you will no longer have the ability to influence how they are used.

In the end, users are going to bring their own devices, clouds and anything else that awaits on the technological horizon. The only question is whether you want them to bring their own security as well while the organization chooses to hang out with the ostriches.
