SOLUTION BRIEF
BYOD Recharged: 3 Security Challenges to Consider • Approximately 72% of respondents to a Tenable survey said BYOD functionality is available to either all or some employees working at their organisation.1 • At the same time, 39% said malware has been installed on their devices • Another 35% aren’t sure if they’ve been compromised.
Security is a critical issue surrounding the BYOD landscape, but the issues have changed a bit in the past few years as the trend has evolved. A few years ago, discussions tended to center around the fact that BYOD was coming and organisations had to start preparing for it. Now it’s here, and it’s time to revisit security best practices in light of changes within the trend.
3 Major Security Issues Businesses Must Consider When Implementing BYOD Plans Include: 1. Workers are Using Their Phones for More Work When BYOD was just beginning to get its feet wet in the enterprise, most people were using their personal devices to check email, maybe login to a conference call or use social media to keep up with clients and
colleagues. This is beginning to change. The Tenable survey found that 45% of respondents use mobile devices to access and edit documents, 43% use SharePoint or similar intranets, and 28% access cloud apps. The days of treating mobile device security as a secondary consideration because employees weren’t frequently accessing sensitive data on their phones are gone. As your workers start using personal mobile devices to interact with sensitive files and access mission-critical apps, you need to ensure you have the protections in place to ensure data is safe, any regulatory laws are complied with, and proper governance and visibility are in place to ensure best practices are followed at all times.
2. Visibility is Essential An Ovum survey of global BYOD use found that 28.4% of IT departments outright ignore the need to protect end-user devices.2 Perhaps more troubling for IT leaders, however, is the fact that 17.7% of respondents said their IT departments aren’t even aware that their device is being used for work. With BYOD becoming mainstream, many employees may assume that they can use personal devices for work and not think about the security, regulatory, and data management issues that personal device use creates. IT teams must establish policies and procedures that give them complete visibility into and awareness of which personal devices are accessing the network on a regular basis and what those employees are authorised to use their personal devices for.
Continued on next page
08-506 668 00 • LearningTree.se/Cyber2018
SOLUTION BRIEF BYOD Recharged: 3 Security Challenges to Consider (continued)
This transparency is critical because it:
Throw in other advanced technologies, such as:
• Makes it easier to track activity on the network and identify threats.
• Robust single-sign on tools being attached to app platforms - something that lets individuals sign on once and access groups of apps and services without having to go through another authentication loop.
• Allows IT teams to train users taking advantage of BYOD on best practices and policies they must follow. • Enables IT users to assess how any moves, adds or changes may impact apps and services being delivered to personal devices. • Simplifies internal auditing as the IT department has a clear idea of the devices accessing the network. BYOD may require IT teams to let go of some of the control they’ve had over technology systems in the workplace, but they can’t afford to get so loose with guidelines that they lose any ability to establish and enforce best practices. Transparency into how BYOD is being enacted within an organisation is critical here.
• Emerging tools to identify users based on their usage and activity patterns. • Iris or retina scanning for users handling especially sensitive data, something Computerworld identified as a growing trend.3 These types of tools highlight options to make multi-factor authentication an easier, less invasive process for smartphone users. IT professionals have an opportunity to take advantage of these developments to establish more robust authentication best practices within their organisations to ramp up security within BYOD programs.
Ramping Up Security
3. Multi-Factor Authentication is Getting Easier
SE1810 BYOD
A few years ago, the user authentication conversation surrounding BYOD tended to center around a sense of surrender, with technology professionals wanting multi-factor authentication, but an awareness that users probably wouldn’t handle that inconvenience well. Fingerprint scanners, face recognitions, and similar biometric solutions now work well enough and are cost-efficient enough to be features of mainstream mobile products.
Security best practices have changed dramatically in recent years. Many organisations are moving away from sitting back hoping firewalls keep intruders out and are ramping up strategies such as network monitoring and analysis to actively work to prevent threats from gaining a foothold in the network. BYOD is not immune to this evolution, and organisations hoping to keep up with demands of today’s users must consider emerging behaviors and how they can respond. Cyber security is a constantly changing industry, and continuing your education or training your employees can go a long way in staying ahead.
Learning Tree’s collection of courses on security and data protection can help your staff get ahead of threats and stay there. Sources: 1 https://www.tenable.com/blog/byod-and-mobile-security-2016-spotlight-report-results 2 http://www.us.logicalis.com/globalassets/united-states/whitepapers/logicalisbyodwhitepaperovum.pdf 3 http://www.computerworld.com/article/3113028/mobile-security/how-it-works-iris-scanning-improves-smartphone-security.html
08-506 668 00 • LearningTree.se/Cyber2018