Bring your own device (BYOD) policies are a double-edged sword for organizations. On the one hand, they want to save money by not purchasing hardware, and on the other, having all your employees plug into the company network can prove to be a nightmare. Chief Security Officers (CSO) have the unenviable task of coming up with a solution that can safeguard company asset while at the same time protecting the privacy of their employees. The report, titled, “CSO Peers Share Their Latest Strategies for Enabling Secure BYOD: New Strategies help Balance Corporate Security with Employee-Owned Devices” from Wisegate tries to find the right answers from the people that are most aware with the issue, CSOs.
IT personnel want more than anything to control everything in their domain and BYOD has thrown a wrench in that scenario. Controlling your domain means it is possible to find out what comes in and out of the network, and employees with their smartphones can go in and out as they please. This creates a host of problems that can potentially bring down the company network.
While cyber attacks from international criminals and rogue governments and DDoS attacks are still a major priority for CSOs, they count BYOD as an issue that is atop or near the top for security concerns.
“The explosion of employee-owned devices being used in the enterprise has quickly become a main focus for CSOs. There is a confluence of events taking place: it's quickly becoming more efficient for companies to use third-party cloud applications. And employees demand to be more mobile, bringing their own high-performance devices. The bottom line is there is no single best practice to securing corporate data on these devices — it requires a layered approach, balancing among cost, security, compliance, productivity and corporate culture,” said Bill Burns, director of IT Security & Networking and Wisegate Member.
CSOs face a myriad of issues when it comes to BYOD; however these are their most pressing concerns:
- Leakage, loss or theft of company data as well as proper storage and transmittal
- Limitations of how these devices can be managed, for example can the company lock down the device or should they even have the authority to do so
- Defending malware, spyware, viruses, Trojans and other tools of cyber warfare on mobile devices
- Methodology of supporting multiple platforms, systems, firmware, applications and mobile carriers effectively
It seems the more the issue is addressed the more problems there are to resolve. This type of policy benefits organizations by making employees more productive and engaged with their work. Everyone is experiencing growing pains, but just as other technologies and policies we thought would destroy us came and went, so will this one.
Edited by
Rachel Ramsey