BYOD: The why and the how
by Mirko Zorz - Editor in Chief - Friday, 21 June 2013.
Brad Keller and Robin Slade are Senior Vice Presidents at The Santa Fe Group.

In this interview they talk in detail about the challenges involved in evaluating, deploying and maintaining BYOD programs in large organizations.

Today's organizations struggle with providing employees with access to the latest technologies. It's common practice for employees to use their own devices at work for a number of reasons. Some believe BYOD is the answer to a lot of problems, others see it as a complex security issue that introduces a variety of difficulties. What are the pros and cons of BYOD in a large organization?

Today's organizations struggle with providing employees with access to the latest technologies. It's common practice for employees to use their own devices at work for a number of reasons. Some believe BYOD is the answer to a lot of problems, others see it as a complex security issue that introduces a variety of difficulties. What are the pros and cons of BYOD in a large organization?

In a nutshell the challenge is to find a way to deploy in the mobile environment the same types of IT security and privacy protection used for remote access by PCs and laptops. In addition, it is critical that CSO’s consider the data and systems they are going to allow employees to access via a mobile device. What level of data and/or systems exposure are you willing to risk by permitting mobile device access? Will you limit access to just corporate email? And if so, CSOs should consider that confidential or customer information may find its way onto a mobile device as either email content or as an attachment. While this should be addressed in employee training, applications exist that monitor email for this type of content and/or attachments.

No industry is immune to the risks associated with BYOD. For instance, a recent study by the Ponemon Institute found that, "eighty-one percent [of healthcare organizations] permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their organization's networks or enterprise systems. However 54 percent of respondents say they are not confident that these personally owned mobile devices are secure."

Specific challenges include:

Accessible systems and data. Determine the data and systems you’re going to allow to be accessed via a mobile device and perform an assessment of risk exposure (both inherent and residual), as well as risk of loss.

Employee access and usage. It is critical to ensure that only those employees whose job requires access to systems and data via a mobile device have such access.

Device type and operating system. You will need to determine what type of device(s) and operating system(s) will be allowed. There is a wide array of devices and mobile operating systems employees want to use. Mobile device support can be cumbersome and substantially increase expenses to support the wide variety of mobile devices.

Securing the device. Securing the device for company business includes the installation of additional applications for enhanced password security, anti-malware and anti-virus. Current built-in mobile device password capabilities do not meet most corporate standards. Therefore, you will need to identify, select and require applications for the mobile device to enhance password protection and security. In addition, most existing mobile device anti-malware and anti-virus capabilities offer inadequate protection against those threats. Therefore you need to identify, select and require enhanced anti-malware and anti-virus protection.

Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //