With the escalating bring-your-own-device (BYOD) trend, personal mobile devices ? from laptops to smartphones ? are increasingly being used to access business-related and potentially critical data, posing significant security threats for businesses.
Business-related data is "frequently being stored on unsecured, highly-portable devices that are prone to loss and/or theft", says Fred Mitchell, software division manager at Drive Control Corporation (DCC). "Sacrificing security for the sake of mobility is not a long-term solution, and will only invite trouble further down the line."
Closing this security gap requires a multifaceted approach, including policy, process and tools, with all-encompassing security as its main focus, Mitchell advises. Businesses need to deploy both mobile application management (MAM) and mobile device management (MDM) strategies, he says.
MAM strategies need to ensure employees do not utilise unapproved mobile or cloud-based apps, which can introduce malware to devices, says Mitchell; while MDM must incorporate software delivery, application repair, file encryption and more. MDM must also enable businesses to remotely wipe or block devices should they be lost or stolen, he adds.
"In order to protect the enterprise, as well as employee privacy, mobile security must ensure corporate data is isolated and protected from data leakage, malware and unauthorised access," Mitchell continues.
However, the personal nature of mobile devices poses considerable challenges to these security measures. "As BYOD essentially allows users to make use of their personal devices, irrespective of brand or platform, mobile security should provide heterogeneous device support and comprehensive visibility and control over all operating systems," notes Mitchell.
"BYOD adoption has been hindered by the complexity it introduces," says Llewellyn Chame, mobility specialist at Dell. "IT managers simply do not have the time to support all these disparate devices."
CYOD: a better plan?
Choose your own device (CYOD) is a viable alternative to BYOD, says George Lodewick, Dell commercial product specialist at DCC. "CYOD lets the business take back control, allowing users to choose from a range of suitable devices that are fully managed and comply with business security policies," Lodewick explains.
"Businesses following a CYOD strategy would acquire a select range of devices via a reseller," Lodewick elaborates. "As security protocols are usually set up on a Windows server, the OS of the devices would also be an important selection criterion. By using a single trusted supplier, they are able to negotiate control of service and repair value chains, ensuring devices are subject to on-site warrantee or vendor repair according to corporate policy.
Mitchell disagrees with this solution. "Enabling employees to have their choice of device is essential in catering to an increasingly informed and consumerised workforce," he says.
"Furthermore, mobile security needs to be flexible enough to grow and change with the evolving needs of the enterprise," he concludes.
Share