Opinion: BYOD can be secure with the right measures
By Bitglass CTO Anurag Kahol
Bring your own device (BYOD), in which employees work from personal devices such as mobile phones and laptops, is quickly becoming the norm in today's business environment.
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
85% of organisations now allow BYOD for at least some of their stakeholders, including employees, contractors, partners, customers, and suppliers.
However, BYOD does change an organisation's threat landscape and requires security tools that differ from those used to protect managed devices.
Some believe that BYOD is inherently riskier than the traditional way of operating.
Consider the following findings from a recent report on BYOD and security:
- One in five organisations lacks visibility into basic, native mobile apps on personal devices
- Only 56% of companies employ key functionality like remote wipe for removing sensitive data from endpoints
- 43% of organisations don't know if any BYO or managed devices downloaded malware, indicating a significant lack of visibility
- 24% of organisations don't secure email on BYOD at all.
These statistics indicate that companies are not entirely prepared to secure data in BYOD environments.
In addition to the above, 51% of respondents believe that the volume of threats targeting mobile devices will continue to increase.
Because many BYO devices are personal mobile endpoints, these trends continuing unabated will lead to many breaches in the future.
While 15% of companies still do not allow BYOD, it is possible that in the coming years, they will alter their practices in order to maintain a competitive stance in the market.
Additionally, when implementing BYOD, it is essential that these organisations add proper security controls concurrently – not weeks, months, or years after the fact.
Some of these controls include the following:
- Single sign-on (SSO): The absolute minimum requirement for basic identity and access management (IAM) in cloud and BYOD environments. SSO serves as a single entry point which securely authenticates users across all of an enterprise's cloud applications.
- Multi-factor authentication: A tool that requires a second method of identity verification before employees or other users are allowed to access resources.
- For example, after inputting their passwords, users may be prompted to verify their identities through an SMS token sent via email or text, Google Authenticator, or a hardware token that they carry physically.
- User and entity behaviour analytics (UEBA): Analytics that provide a baseline for normal user activity and detect anomalous behaviour and actions in real time, allowing IT departments to respond accordingly and automatically.
- Data loss prevention (DLP): Various tools capable of allowing, blocking or providing intermediate levels of data access; for example, through redaction, digital rights management (DRM), and more.
- Selective data wipe: This allows administrators to wipe all corporate data from a device without affecting personal data; for example, photos, contacts, calendar events, emails, text messages, and other items.
In BYOD environments, employing all of these tools and best practices requires that organisations leverage agentless solutions deployed in the cloud.
Tools that demand software installations on personal devices invade user privacy and harm device functionality.
This frustrates employees, impedes deployments, and counters the many benefits of BYOD.
Fortunately, agentless tools are capable of securing data without these disadvantages – all while offering highly specialised capabilities.
For example, agentless advanced threat protection can detect and halt threats as they are uploading to an application, as they are being downloaded to a device, or when they are at rest within the cloud.
BYOD can be fully secured if companies leverage the proper tools.
However, organisations that insist on securing personal devices with the same strategies used to protect corporate endpoints will continue to find that they are incapable of protecting their data.
Through an agentless approach that leverages the above tools, companies can embrace the benefits of BYOD without compromising on data protection.