A white paper released by Tangoe, Inc. shows that “Bring Your Own Device,” more simply known as BYOD, is more of a threat to corporate security than once thought. Some organizations allow their users to use devices freely on their corporate network, others require security measures to be taken prior to use, and some don’t allow it at all. Many corporations haven’t taken measures to protect their networks from users’ devices because they simply don’t see them as that great a threat, but that is soon to change.
The white paper released by Tangoe states that “50 percent of businesses in the U.S. and EMEA allow BYOD access to secure corporate networks, while 23 percent of BYOD workers claim their device is not an IT approved device.” These rogue devices can easily open a hole in security, and many times all it takes is one device to cause a lot of damage. What if it’s not just one device, though? According to PricewaterhouseCoopers’ global survey of CIOs in 2011, 28% of their workforce used personal devices for work-related tasks, and this number was expected to grow to 35% within two years. We have already seen that many of these devices are probably not IT-approved either. PwC also found in its 2012 Global Information Security Survey that only 43% of enterprises have even developed a strategy for user-owned devices like smartphones and tablets. That means the majority of organizations have yet to put security policies or procedures in place for employee-owned devices used on their network. As employees do more and more work from personal devices, this is an issue that must be addressed.
The white paper states, “Despite news headlines to the contrary, the largest risk to your organization, is not a hacker or malware, but a well-intentioned employee with an unmanaged personal device”. So what can we do to protect ourselves from this growing threat while still preserving the freedom that BYOD allows? Here are some tips:
- Create and Enforce Written Policies and Procedures
- Require Encryption
- Require Remote Wipe Capabilities
- Build your own Enterprise App Store to Manage Applications
- Prevent Devices with Blacklisted Apps from Accessing the Network
- Build a Trust Structure that Limits Access to Those Who Need It
Almost 75 percent of a group surveyed by Fortinet actively use personal mobile devices in the workplace. The reason for this behavior appears to be the need to stay connected at all times: always being able to access their favorite apps, social media, and emails, even while on work time. The employees deemed this acceptable because they often worked during personal time from the same devices. This raises the question: is it acceptable to monitor device traffic during work hours only?
Developing a strategy to deal with BYOD issues is key to having a safe and secure network. In many cases, devices are being used without the company’s knowledge, and if that use is not controlled and secured, it is a recipe for disaster. Whether you decide to lock it down completely or allow some freedom, it is imperative that you construct policies and procedures for handling personal devices in the workplace.