A recent survey that measured the prevalence of bring-your-own-device (BYOD) in the workplace suggests that adoption is still on the uptick. The results gathered by InformationWeek found that 68 percent of the 424 IT professionals polled work in organizations that allow BYOD, up from 62 percent just 11 months prior.
The survey also found that BYOD is poised to become even more popular with 20 percent of respondents who answered “no” saying they’re in the process of developing a BYOD policy.
The benefits of BYOD for the enterprise — lower equipment costs, fewer owned devices to manage and more productive end-users — are responsible for driving this trend. But Jane Wasson, a senior product-marketing manager for Dell’s SonicWALL, said in an online presentation Tuesday that adoption comes with risks that need to be managed with effective security precautions.
“Mobile workers have gotten a taste of how access to business applications can improve productivity…and they’re now wanting to extend that,” she said. “The challenge to IT organizations is trying to provide simple access to mission-critical applications in a BYOD environment, and yet protect the corporate network from mobile security threats.”
Wasson identified two primary threats facing enterprises today — data loss from theft and malware infection. She dedicated the bulk of her presentation to discussing the complexities of each and what organizations should do to protect corporate data from potentially harmful intrusions.
Here’s a breakdown of her main points:
Data loss and theft mainly occurs at three points of vulnerability
- Data center – It’s where the crown jewels of corporate data are kept. As a result, organizations must require mobile users to authenticate their devices with robust passwords. Additional levels of protection are recommended in case hackers are able to break through.
- In-flight data – Mobile users often rely on public Wi-Fi hotspots to conduct business, but theses nodes aren’t always encrypted, providing a prime opportunity for hackers. Organizations should provide SSL VPN platforms to provide secure channels for data in transit.
- Data on device – Devices lack a great deal of storage, but still pose a security risk if one containing sensitive data is either lost or stolen. Organizations can mitigate this risk by investing in mobile-device management and containerization solutions.
Malware enters corporate networks through three main areas
- Tampered devices – Jail broken or rooted devices can bypass app stores operated by Microsoft, Google and Apple to access downloads elsewhere that haven’t undergone industry-standard security assessments. IT should have solutions that can “interrogate” devices and block tampered ones from accessing the network.
- Files and URLs – Even devices that are approved for BYOD programs can still become infected when users access malicious files. The key to protecting the network against this threat is to have a next-generation firewall that can scan incoming traffic for malware and stop suspicious downloads within seconds.
- Disreputable websites – Peer-to-peer networks are notorious for facilitating the transmission of malware. The use of these file-exchange platforms on a corporate network can spell disaster for IT. For this reason, organizations should invest in a firewall that can control application traffic, giving them a tool to block troublesome sites and apps with pinpoint accuracy.