By Richard Bible, F5 Security Solution Architect EMEA
As the tide of consumer devices continues to work its way into the corporate environment, organisations are moving – slowly, in most cases – from fighting BYOD, to embracing it. Financial firms in particular are grappling with the trials of enabling flexible, mobile working while protecting their highly confidential data. But how is the trend evolving, and what challenges does it throw up?
The financial industry is obviously among the most highly regulated of all, but three specific pieces of legislation are influencing how we treat data accessible on corporate devices.
Firstly, the PCI Security Standards Council Data Security Standard regulation (PCI DSS), which tackles how data is stored and aims to prevent the loss of any sensitive information. Secondly, the ISA’s ISO270001 requirement, which deals with the fact that BYOD devices may be considered a corporate asset and can be met by using a mobile device management vendor. And thirdly, the UK Data Protection Act, focusing specifically on logging and reporting and provides organisations with visibility and understanding of what the employees are doing on their devices.
With a variety of different devices and smarter ways of working, the problem becomes far more complex than it was in the PC era; policies now have to take into account far more than simply an employee’s grade. Organisations have to carefully manage which applications are accessible on employee devices, when they should be able to access them and what they can use the apps for.
However, there’s an interesting evolution of the BYOD trend of which we’re starting to see more. Several of our customers are increasingly talking to us about the rise of Bring Your Own Network, where employees are turning their mobile devices into personal hotspots, allowing them to use other platforms to get around the strict controls that have been put in place. It’s not necessarily a new problem, but as employees get more tech savvy, more and more are accessing corporate content on external networks.
The approach to tackling the rise of BYON is exactly the same as BOYD – focussing on the applications, not the devices. And to do this properly, you need technology which combines Mobile Application Management and Mobile Device Management, allowing IT to remotely control employees’ devices, without placing undue restrictions that irritate employees, prevent widespread uptake and inhibit a successful deployment.
The two aspects complement each other well: MDM will take care of basic security and controls, while MAM tools will unlock the full potential of the devices, increasing employee productivity. For IT, it limits the burden associated with securing and controlling personal data and mobile use. For employees, it safely separates personal data and use from corporate oversight. This type of solution is still a new addition to the market but by ensuring financial organisations incorporate both an MAM and MDM solution, they will be able to deliver a secure service which suits the business and employee priorities.
So, as BYOD continues to evolve, it’s vital to ensure you continue to be able to balance industry regulation and employee concerns. An enterprise footprint on a personally owned device should be limited to the enterprise data and applications and nothing more; MDM and MAM ensure this remains the case.