BYOD: The landscape and security risks a CIO should consider

Over the past couple of years, one of the biggest shifts that internal IT has experienced has been the move towards BYOD (bring your own device). Nowadays people can’t go more than five minutes without using their mobile devices to check email, Facebook, or their favorite application. As a result, increasing numbers of employees are bringing their own smartphones and tablets to work, and for internal IT, this presents many challenges.

Two of these challenges are how organizations protect themselves from harmful malware and how they protect their business-critical data from being stolen or falling into the wrong hands. It’s a major challenge that many CIOs and internal IT departments are struggling to address, because the devices are developing considerably faster than the security solutions to protect them.

The rise in BYOD is in part born out of workers’ requirements to work from multiple locations and to gain access to real-time information. It’s a wave of change that appears to be quite relentless, and much of the industry discussion surrounds managing it, as opposed to suppressing it.

From our viewpoint, many of the problems occur because users treat their mobile devices as disposable products and don’t consider or realize the rich volume of detail that these devices contain about users’ daily lives and identity. Many protect their devices using PIN code entry but rarely do they use third-party mobile security solutions. I’ve never quite understood this relaxed approach, because a recent report I read highlighted that 90 percent of people acknowledge that they wouldn’t go online using their laptop without a firewall or anti-virus solution in place. So why is there such a relaxed approach when many individuals are spending just as much, if not more, time online on their mobile devices? The fact is, without anti-virus or firewall protections on your smartphones and tablets, your device is just as likely to contract a piece of malware as your laptop is.

It seems that a lack of education is fueling ignorance of users toward the threats that they face; and until there is a widespread virus or security threat to mobile devices, consumers are unlikely to act. Instead, I think the onus remains on the “experts” within companies to create and enforce policies that give their organizations adequate security protection. However, this doesn’t mean banning BYOD, but instead embracing it and providing the appropriate tools to help users protect themselves and their organizations.

So what are some of the solutions?

Well, the most obvious and simple solution is for an organization to try to enforce PIN protection on devices, but security software companies, such as McAfee, are beginning to release products into the marketplace. For example, the company announced the launch of an enterprise mobility management product at the recent Mobile World Congress in Barcelona. Some of its features include sandboxing for email on iOS, blocking of iCloud backup, and application blacklisting for Android and iOS. Another important strand, as briefly mentioned above, is to ensure, as much as possible, that your employees are educated about the risks to the organization of BYOD and their responsibilities in protecting it.

At brightsolid, we take security very seriously, and any devices accessing our data have to support enforceable device-level encryption. Additionally, all access to information other than email is through a secure VPN connection, which is available on all mobile and desktop platforms.

The security risks regarding BYOD are likely to be an area that is increasingly topical and one that we will be continuing to watch very carefully. If you have any thoughts on this area, we would be delighted to hear them. You may leave a comment below or connect with us through Twitter @brightsolid_tec.