Johannesburg, 26 Apr 2017
Today's workers are more mobile than ever, and there's no end in sight to the growth in connectivity - inside and outside the office. According to Gartner, by 2020, the world will be saturated with more than 21 billion connected devices.(1) Other experts say that by the same year, there will be more people with a mobile phone than those with running water and a car, and that Internet traffic will break the zettabyte barrier.(2)
Clearly, the BYOD security debate is over, as organisations recognised long ago that to stay competitive, they need to be flexible enough to allow users the freedom to connect multiple devices, whether they're owned by IT or not. Most organisations have enabled that flexibility through a measured approach, whereby certain conditions must be met before a user's device can access sensitive data. This includes conditions about the device's status, authentication procedures used, criticality of data being accessed, and so on. Mature organisations come up with these requirements based on sound risk assessments and codify them through official policies. These policies are meant to protect the network and data, both in transit and at rest, on mobile and Internet of things (IOT) devices.
But that's only step one in actually managing risk in this new era of always-on mobile connectivity and IOT initiatives. Policies are only as good as their enforcement mechanisms. And, unfortunately, many organisations don't have the technology or processes in place to actually turn security policies into consistent action, namely through effective and automated enforcement workflows. To truly mitigate the risk of mobile and IOT-enabled data breaches, organisations need to consider the following five steps.
Share