Saturday, September 1, 2012

Security Implications of BYOD | Business 2 Community

Q & A with Peter Cattaneo, vice president of business development at Intercede

According to a January 2012 comScore report, there are now more than 100 million smartphone subscribers in the United States. It seems almost daily that yet another mobile device enters the market and quickly becomes a must-have for consumers. As consumers continue to adopt an always-on, always-connected lifestyle off the job, they are increasingly bringing an expectation of flexible computing "anywhere, anytime."

"Bring Your Own Device," or BYOD, is a growing trend in which corporate and government employees are using smartphones and tablets to access, create and manage content both at work and for personal computing, all from the same device. This trend creates challenges for corporate enterprises and even greater challenges for network administrators maintaining compliance with today's policy.

For organizations looking to allow personal devices in the workplace, this interview provides insight into how to securely manage BYOD, addressing software, operations and policy issues.

What are the security implications of BYOD?

A recent survey, conducted by CIO Insight, polled enterprise IT managers from across the country asking for their insights around BYOD. It found that 17 percent of respondents believe BYOD might improve employee productivity and 15 percent believe BYOD can be leveraged to reduce overall mobile spending. Of the 116 IT professionals surveyed, it's clear that they are all aware of the impact of BYOD and are concerned by the potential risks to their organizations' sensitive data. Information once available on a mobile company-controlled device can now be accessed on a wide range of open and often unmanaged mobile devices such as smartphones or tablets.

Why would this be different from normal endpoint security?

Organizations do not have the same degree of control over personal devices that they have enjoyed with company-provided equipment. They don't select the device based on security properties and make the purchase from a reliable source. They also can't select the operating systems (OS) and mandate patch levels, nor can they vet all the applications on the device. The end user is trusted to purchase a reasonable device and manage it at an adequate level.

Moreover, the usage of the device is no longer limited exclusively for corporate purposes. Users may engage in behavior with a personal device they would never consider with a company-issued smartphone.

What steps can IT professionals take to mitigate / avoid problems?

The first step is to recognize that BYOD is different and develop policies and procedures that reflect the new issues that are raised. It also is critical to take the next step and engage with the user community. BYOD is happening because end-users are very savvy about these powerful devices. They can contribute knowledge about their successful operation and management, but also they need to be educated about the best practices to maintain the security of the device and to remain in compliance with company policies.

It is important to provision the device with the identity of the end-user and use this identity for authentication to access corporate assets. Use of this identity should be restricted to specific applications that are IT-approved and should be protected. This can be with a personal identification number (PIN) or password specific to the corporate ID. Some devices now can be equipped with fingerprint scanners as a PIN replacement.

Strong lifecycle management of the identities linked to mobile devices and the associated credentials is an essential component. Make sure you know who is authorized for each device, and that you have the processes to review, audit and, if required, terminate this access.

What might be the unforeseen problems of BYOD in a security context?

With BYOD adoption here and increasingly growing within enterprises, it's vital that organizations forecast, identify and prepare for both potential and unforeseen problems. These may include:

  • The personal password: End-users are accessing more and more online services, such as LinkedIn, Facebook, via mobile devices. These users often leverage the same passwords for work and personal applications, raising serious security concerns.
  • The device plethora: With the rapid development of new devices, end-user upgrade cycles have changed which could potentially expose weaknesses in the device. Not all device vendors adhere to the same standards of security in their development. And even larger differences emerge in the management of upgrades to the device software, both at the OS and application level.
  • Understanding the legal issues: If investigations are required, can the personal devices be accessed? And if a device is investigated, how is personal data to be managed?
  • Separating business from pleasure: The separation of personal data / call usage and company data / call usage is a challenge businesses must address.

What are the pros and cons?

The benefits of BYOD include:

  • Increased productivity: Employees are selecting and becoming expert users of powerful new devices. The ability to carry out business operations anywhere and at any time drives productivity.
  • Cost saving: Companies can save money by allowing employees to use their personal device and not purchasing an additional corporate device. With today's smartphones ranging from $200 to $500 dollars, the savings can be significant for enterprises of all sizes.
  • Ease of use: Employee satisfaction is higher when given the chance to use their personal device and not have to learn and carry a second, corporate-issued device.
  • Security: A heterogeneous set of frequently changing devices is hard for an attacker to target.

Potential drawbacks of BYOD include:

  • Security: Personal devices can lead to greater security risks if viruses / malware / spyware infect devices used for corporate access.
  • Different risks: BYOD creates a potential to lose control of sensitive data due to a different set of risks than corporate-owned devices. It's important to have policies and procedures that address these differences.
  • Lack of root of trust: Without knowing the origin of the devices, it's hard to know the trust level.

What are the top five tips for secure BYOD?

  • Do not ignore BYOD: employees already may be using their personal devices to access corporate resources.
  • Decide what the business applications for BYOD are and build a policy around them.
  • Focus on the company data, not the device.
  • Authenticate the individual; just because it is a known device does not mean it is a known user accessing it.
  • Educate end-users and make them part of the solution.

Author: Peter Cattaneo

Peter Cattaneo, vice president of business development at Intercede

Mr. Peter Cattaneo has been active in the security field for more than 15 years. At Sun Microsystems, he managed the successful worldwide adoption of Java Card technology for mobile telephony, payment, logical access and physical access. At Intercede, he is...

Source: http://www.business2community.com/tech-gadgets/security-implications-of-byod-0268027
