April 1, 2014 By Jeff Crume 3 min read

BYOD or Bring-Your-Own- … Ostrich?

When it comes to the bring-your-own-device (BYOD) movement, there are essentially two types of organizations: Those that have programs in place to support it; and those that pretend that, because they have forbidden the practice, it isn’t happening. In the latter group, in which employees are doubtless bringing their own devices, the IT professionals tasked with network security have brought their own ostrich — and its head is buried firmly in the sand.

We all know that mobile devices such as smartphones and tablets bring additional risks. The same can be said of any employee-owned device, including laptops and desktops. Would we like to minimize risk? Of course. But which of the following is riskier?

  • Letting employees who may know little about threats or mitigation strategies sort out what the most appropriate defenses are, install the proper tools, configure them for optimal usability/security and maintain all this in the face of an ever-changing backdrop of newly-discovered vulnerabilities and attack types.
  • Letting subject matter experts chart the course and enable members of the user community to focus on their daily jobs.

Bear in mind that there is not a third option since the devices will inevitably make their way into the environment in one way or another. The only question is whether firms want the employees bringing in these devices to decide on a security strategy for themselves or to allow professionals to provide the necessary training and infrastructure to guide the process.

A Brief History Lesson

Remember when all computing was done under tightly controlled environments? All computers were on raised floors behind access-controlled doors, with security guards logging everyone’s comings and goings, all under constant surveillance by security cameras. (Alright, so maybe some of you don’t remember this. Just take my word for it. It really happened.)

Then, the first PCs burst onto the scene, and the idea that sensitive data might now sit on or under someone’s desk in an open cubicle caused the security department to break out in hives. As if that weren’t enough; laptops soon started showing up, and it was as if the data center had grown legs and could now be carried to and from external meetings just as easily as it could end up at the beach with an employee wanting to check email from time to time while on vacation. Worse still, this precious resource could get nabbed from a hotel room or car seat and wind up in the hands of a competitor in short order. By that point, the hives were breaking out in hives of their own.

But, as we all know, it didn’t stop there. Now, we have mobile devices with the power and storage capacity of yesterday’s mainframes in a size that fits conveniently in an employee’s pocket — or on the floor of the taxi that employee took an hour ago. At this point, the medical analogies fail me.

The point is that, with each turn of the technological crank, doomsayers have predicted the end of IT security as we know it; and yet, life goes on. Not only has the world not come to an end, but smart organizations have figured out how to ride the waves of new technology and improve their competitiveness in the process. When viewed from this historical perspective, it becomes clear that those companies that figure out how to leverage change and manage risk are going to be the winners. The others? Well, we will get to read about them in the history books.

BYOD Is Just the Beginning

It’s not only devices that employees are introducing into the equation; it’s also public cloud services such as iCloud, Gmail, Dropbox, Evernote and so on. In fact, the more we move to mobile devices with always-on Internet connections, the more we are going to leverage these capabilities because they were made for each other. Any attempt to pre-emptively block all public cloud services is just as likely to fail as an attempt to prohibit the use of smartphones and tablets for business purposes. The better strategy is, once again, to figure out how to get out in front of the trend and exercise prudent control over how these devices and services can be used in a secure manner instead of simply forbidding them and running the risk of driving their use underground, where you will no longer have the ability to influence how they are used.

In the end, users are going to bring their own devices, clouds and anything else that awaits on the technological horizon. The only question is whether you also want them to bring their own security as well while the organization chooses to hang out with the ostriches.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today