Moving Ahead With BYOD: How to Stay Secure

Bring-your-own-device (BYOD) has become a revolution as more and more organizations allow their employees to use their own mobile devices for work purposes. It is advantageous for employees to use their own devices because of the shift in cost responsibility from employers to employees, improved work flexibility and better work-life balance. Employees can now work just about anywhere at any time.

Is BYOD Really Good Enough?

The benefits of BYOD are too tempting to ignore, but the movement also comes with many security and privacy headaches. First and foremost, it increases the organization’s security investment. Personally owned mobile devices are an easy target for cybercriminals, and cybersecurity risk for organizations that permit BYOD is higher when compared to companies that require the use of organization-owned assets.

Sensitive and confidential data will be at risk because of unsecured Wi-Fi or Bluetooth. When an employee leaves the organization, the organization must ensure the employee doesn’t keep any information on his or her personal devices. Employees are free to install any software on their device, but the organization must ensure the software is secure and doesn’t pose any threat to enterprise applications. In many cases, employees back up their information online. Organizations must ensure their business information is not being backed up and accessed by an unauthorized third party or competitor.

There are many traditional security solutions for BYOD, such as guidelines for employees, security awareness training, strong password protections for lock screens, encryption, remote data wipes and mobile antivirus. These solutions provide security and a sense of confidence. Now, it’s time to think beyond these solutions. How can organizations make their BYOD security policies, traditional guidelines and solutions more secure?

Leverage Cloud Computing Solutions

The benefit of using cloud computing solutions for BYOD is that all the data can be stored and accessed through the cloud rather than kept locally. With these solutions, all the data processing and storage will be done outside the mobile devices.

Use Mobile Virtualization

This will let employees have multiple profiles or platforms — most importantly, one instance for personal use and another for business use. The greater benefit is that all the data processing, storage and sharing will be completely separate from both profiles. The next level will be achieved when the network and data connectivity can be completely cut from the personal profile when the employee accesses the work profile, and vice versa.

Strengthen the Mobile VPN Solutions

Mobile virtual private network (VPN) solutions can be improved through additional mobile-aware management, such as administrative alerts for security concerns. Additional security functions could be added that enforce access policies based on the network in use. These all will give visibility and control over devices that may not be on the corporate premises or connect through networks outside the organization’s direct control.

Invest More in Mobile Device Management

Mobile device management systems are a great way to manage all devices and easily enforce security policies. Other measures include remote data wipes, strong PINs and passwords, locking the device after a certain period of inactivity and allowing employees to use more secure in-house applications. Also, organizations should generate compliance reports that alert the employee and compliance team of any identified noncompliance.

Create an Ecosystem

Organizations can set up their own app store, develop their own enterprise and corporate applications and push them to devices through their app store. They will then have more control and security by using in-house applications. It is important to develop the application in such a way that employees love to use it and don’t look for any alternative third-party applications for emailing, chatting or video conferencing.

Regularly Update the BYOD Policy

Organizations might add that they have the right to remove any supplied applications from a device as a result of a violated BYOD policy. Also, the policy should include instructions for employees on how they are expected to follow all safety guidelines and use common sense when working on personal devices.

Some of these solutions are already available on the market; it’s up to organizations to decide which solutions will be good for them and provide a sense of confidence when deploying BYOD. Organizations must not forget that BYOD is more than just a policy; it’s a shift in corporate culture. Organizations and employees both play an important role in keeping this going. By keeping security in mind, it shouldn’t be too complicated for employees to use their own devices as the organization looks for innovative and advanced technology to deploy BYOD.

Read the study: Mobile Dating Apps Can Place Corporate Information at Risk

Contributor'photo

Prafulla Mannewar

Compliance & Controls Consultant, IBM

Prafulla is Info Security Consultant in IBM GTS Security, Regulatory and Risk Management . He brings over 11 years of...