Can companies bank on IT security during the BYOD shift?

By Jeff Willis, Director B2B Solutions at Toshiba

JeffPortable devices have changed a lot since the first laptops arrived in the 1980s. Over the years they have evolved beyond recognition with consumer innovation driving adoption and influencing businesses where, workers are consumers, and are driven by the desire to have the latest tablet or smartphone. It is easy to see why we are seeing a clear shift towards increasing Bring-Your-Own-Device (BYOD) culture. According to Gartner, about half of the world’s companies will adopt BYOD by 2017 and will stop providing computing devices to employees’ altogether.

The innovative and cutting-edge nature of those devices means that a smartphone or tablet is now capable of handling many of the applications and demands required in the business world; in addition staff can write notes in meetings by using smart pen technology on a tablet or smartphone, submit reports on a train on their way back from a meeting, and attend conference calls wherever they are, all thanks to integrated cloud technologies.

However, there is still reluctance from many firms to adopt BYOD. This is due to concerns about network security, data protection, user support, and manageability of employee supplied devices. This could bring concerns about the practicalities of BYOD and the cost of applying policies and support across a varied estate of smartphones, tablets and PCs. However, companies might want to consider a gradual case-by-case implementation and many employees value having a companion device, such as a tablet to a notebook. For some companies implementing BYOD tablets could be a natural fit to their smartphone management via MDM (Mobile Device Management) tools.

Then there are unwarranted security fears – what if a company laptop is left on a train, or a tablet or smartphone is stolen? How can a business protect the confidential and sensitive information held on the device if this happens? It opens doors to a range of nightmare scenarios for a company, from jeopardising their relationship with customers, to opening themselves up to lawsuits for breaching privacy laws. Such breaches are especially destructive within the banking and financial sector, where a leaked document can have potentially massive compliance and financial implications for both companies and individuals. From that view point companies should consider how to use MDM to restrict what apps and data users and devices are able to access and to ensure that security policies are enforced. Furthermore, all data on devices should be encrypted.

Lost or stolen devices
A recent report from the Corporate Executive Board found that the loss of a company device is now considered the biggest threat to IT security in a business. While this is an understandable area of anxiety, there are steps companies can take to put CTO minds at ease when signing-off a BYOD policy. MDM can also help in this area by geo-fencing devices so as they are only used in certain locations or by enabling a device to be remotely wiped if it is lost.

Company-controlled restrictions
The usual procuration to ensure that password compliance is followed and be aided by identification technology, which is often built into products, is a great example of how employees can quickly and easily help to protect their devices. If companies can’t control this on an employee-owned device MDM can enforce policies on password use and strength.

Hidden protection
While identification technology is a good preventative strategy, businesses should also be prepared for the possibility that a device may not be locked when it is stolen. It’s therefore important to take more device-specific precautions, such as remote disabling and wiping, or data storage encryption which can be managed through MDM solutions. Although each works in a different way, they allow companies to achieve the same thing and protect data leakages.

Companies can also potentially recover lost or stolen items as these solutions can effectively trace the location of a device, which can then be relayed to the police, whilst an MDM solution can simultaneously wipe the already-encrypted data remotely.

But businesses have even more tools in their security toolbox, as they can monitor any suspicious activity taking place when a product is being used remotely. For example, a business could spot that a device is suddenly in another city when the employee is in a different area delivering a presentation for example. This would give early indication of theft, sometimes even before a member of staff has realised it’s missing.

To forge an even stronger barrier around a company’s data, IT managers could also restrict access to certain apps or data in accordance with an employee’s location. For example, access to a confidential database could be restricted, meaning staff can access it while in the office, but not if they are working from home, or in a public place. This would also limit risks that users aren’t even aware of, such as running apps that are permitted access to internal data – some of which could be company-owned and confidential.

These are only some examples of the range of solutions available designed to help businesses manage, protect and recover data. According to Gartner, the threats of BYOD drove worldwide security software revenue to £12.67bn in 2012, up 7.9 per cent annually. That additional spend is good news, suggesting that the wave of security products hitting the market will become more and more innovative and offer companies secure solutions to guard against the loss or theft of a device, The onus is on the companies themselves to gradually invest in this technology.





Related Articles