The BYOD & Mobile Security Report has just been released, shedding light on where the industry is with its adoption of BYOD and its capabilities in securing it. The report is presented by Tenable Network Security, SnoopWall, Skycure, Check Point, Blancco Technology Group, Bitglass and the Information Security Community of LinkedIn.
The survey of over 800 IT security professionals found that 72% of infosec pros were concerned by the risks of data leakage/loss when implementing BYOD. The other major security concerns associated with BYOD were unauthorised access to data/systems (56%), users downloading unsafe apps and content (54%) and malware (52%). In short, it looks like there’s a lot to worry about. But is it really that dangerous?
Well, the survey found that the greatest inhibitor to BYOD was in fact concern about security: 39% of respondents cited security fears in this way. The next most common inhibitor was employee privacy concerns – something only 12% of respondents cited as the chief inhibitor. Just 15% of those surveyed said they didn’t experience any resistance to BYOD adoption. Considering everyone I know brings a smartphone to work, that’s a pretty concerning statistic.
To get further insight, The Guru spoke to Blancco Technology Group CEO Pat Clawson, who added the following:
What steps do organizations need to take to ensure employees are safe when adopting BYOD? And conversely, what do employees need to do/know to protect organizations and sensitive information?
There are four key situations where mobile data erasure is absolutely necessary: at equipment end of life, when equipment is serviced, when loaner devices are returned and when equipment is repurposed.
At Equipment End-of-Life: When a mobile device is retired, it’s either discarded or resold. For BYOD devices, in particular, that often involves returning the device to the equipment manufacturer’s store. For corporate-owned mobile devices, that typically means sending the device to a recycler. In either case, any corporate or personal data contained within the device must be erased safely and permanently so that it can never reemerge, whether it’s accidental or intentional.
When Equipment Is Serviced: If mobile equipment is serviced in-house, it remains in a secure environment, and there’s no need to erase its data. But, and this is very important, if the device will be serviced by an external entity such as a mobile device manufacturer’s retail store, you should be sure any and all sensitive data is removed before servicing takes place.
When Loaner Devices are Returned: Mobile users who have their equipment serviced at a repair center are often given loaner devices to use until their original devices have been fixed. If and when these loaner devices are used to access corporate systems, all of the files, texts, contact information, emails and media files should be erased before they’re returned to the servicer.
When Equipment is Repurposed: When many corporate users replace their BYOD devices, they retain their old equipment or give it to their children or to other family members to use. Any corporate data that remains on those repurposed devices can easily become a liability and leave businesses vulnerable to a costly and dangerous data breach.
Who should ultimately be responsible for BYOD security?
BYOD security should be owned by IT. They implement the systems/processes to roll out to the employees who adhere to those. Although every department and every person may be accessing data, it is up to IT to enable those other groups with the necessary tools to help employees be as productive and efficient as possible, while also keeping corporate data secure.
One way to do this is to make sure data erasure software is pre-installed before mobile devices are allowed to connect to the corporate network. That way the devices can be wiped clean from the cloud when it’s time for the employee to leave the organization. Another way to do this is to use a mobile diagnostics tool that employees can use themselves to optimize their device functionality and performance, without having to ask the IT help desk for support.
So it’s fair to say that BYOD is another example of security being an afterthought as we develop the tech that’ll change our daily lives – both personally and professionally. As the industry evolves, we expect BYOD to have an impact almost as significant as the introduction of the Internet itself to the workplace. Whether it’ll deliver results securely is something we’ll have to wait to find out.