Tag Archives: BYOD

Redefining BYOD

Bring Your Own…


 
More companies are seeing the benefits of allowing their employees to bring personally owned devices into the workplace and onto the corporate network. The familiarity of having your own smartphone for work means that you can work faster and, perhaps cynically from the employer’s perspective, that you are far more likely to work longer. It’s not all a one-way street though: you don’t need to carry two devices, much of the cost of your personal smartphone use is offloaded to your employer, and you get to choose your preferred hardware.
 
BYOD is not without its risks for the enterprise though; the challenges of managing and securing a heterogeneous estate of mobile devices should not be underestimated. Multiple manufacturers, multiple versions of multiple Operating Systems and an ever-widening pool of apps all exacerbate the security headache. It’s hardly surprising that alternative definitions for BYOD have already been proposed, “Bring Your Own Disaster” or “Bring Your Own Danger” for example. Well here’s another one, I hope a little more helpful…
 
Many of the BYOD headaches for enterprises can be reduced to a few discrete problems: the multiplicity of devices and operating systems, the inappropriateness of a particular platform to a given role, or the legality of making modifications to someone else’s “computer”. For instance, how do you legally “wipe” a device that you do not own?
 
Facing up to these challenges demands alternative approaches. One such strategy has been called “Inverse BYOD”, where a business-owned device is provided to the employee for both personal and business use. This strategy has some mileage and offers the beginnings of a workable long-term strategy for the enterprise.
 
At its most basic, “Inverse BYOD” sounds like nothing more than a return to the days when you carried a company-issued device, and those days are certainly not set for a return. Today’s consumer demands more than “any colour that he wants so long as it is black”. More extensive descriptions might include ideas such as restricting those devices to a distinct “untrusted” infrastructure and treating them as forever external. Well, 1999 called and they want their reality back. Integration of device and data happens way outside of any hardware-enforced network boundaries and it is wholly unrealistic to imagine that by keeping smartphones off the enterprise network, risks are mitigated.
 
And that’s where Bring Your Own Data comes in.
 
Enterprises need to recognize that consumerisation is a reality and that their employees already live in a world where choice is considered normal. Employees need to recognize that access to sensitive data in the workplace carries with it certain obligations. A Bring Your Own Data strategy means that companies can offer devices from a pool of “enterprise approved” hardware: devices approved for their manageability and for their appropriateness for the employee’s role. Companies are no longer in the position of having to say yes to everything for everyone, neither are they obliged to support every flavour of every Operating System from every manufacturer. Those in roles with access to information of the highest sensitivity may be able to choose which Blackberry or iOS device they would like to use, while those with access to less sensitive information could choose from certain Android devices, for example.
 
The key to success though is creating a culture where employees feel both authorized and empowered to bring their own, personal data to those enterprise-owned devices. This reduces the temptation or the need to sneak an unapproved, unmanaged device into the heart of the network and brings all the benefits, personal and business, of putting cutting-edge technology into the hands of your employees.
 
As with most Information Security challenges, the key to this is a human one: security by consensus beats security by diktat every time. Only one thing is certain: BYOD of whatever definition is already a reality, and you need to consider Bring Your Own Defence because Bring Your Own Denial won’t cut it.
 

Is consumer mobile tech enterprise ready?

An increasing number of companies are opening corporate networks and data to consumer mobile technology. The resulting trend, referred to as the consumerisation of enterprise mobility, assumes even more disruptive connotations when the employees are allowed to use their own smartphones and tablets at work.
 
Consumer technology is convenient, easy to learn, and fun to use. However, consumer technology is generally not as secure or manageable as is required by the enterprise. Consumer technology brings real business value in terms of productivity and business agility. However, the lack of a strategic approach to the consumerisation of IT creates security risks, financial exposure, and a management nightmare. Rather than resist it, organizations should embrace consumerisation to unlock its business potential. However, organisations need to consider the security and management capabilities of each mobile platform.
 
New research from Trend Micro compares the ability of several different mobile platforms to meet the demands of use in the enterprise. The results of the research, carried out by Altimeter Group, Bloor Research and Trend Micro’s own specialists, clearly show that in the opinion of the researchers, BlackBerry 7.0 scored highest across the board, ahead of (in descending order) Apple iOS5, Windows Phone 7.5 and Google’s Android 2.3.
 
Platforms were each scored on several factors, including built-in security, application security, authentication, device wipe, device firewall, virtualisation, and many others.

 

Some highlights of the findings:
 
RIM – BlackBerry OS is the option of choice for the most stringent mobile roles. However, many features and protections that are commonly enabled or enforceable via the BlackBerry Enterprise Server (BES) are not present on devices that are user-provisioned via BlackBerry Internet Services (BIS).
 
Apple – The iOS application architecture natively provides users with much protection because all applications are sandboxed in a common memory environment. Security in iOS also extends to the physical attributes of the iPhone and iPad.
 
Microsoft – A reasonably robust and secure smartphone operating system, Windows Phone uses minimum privileges and isolation techniques to create individual process spaces. Apps are pre-approved by Microsoft and only signed code can be executed on the platform.
 
Google – Although Android is now available in more recent versions (4.x), version 2.x is still the most widely deployed on existing and new handsets. This is a security risk in itself; there is no central means of providing Operating System updates, meaning that many users remain unprotected from critical vulnerabilities for a prolonged period.
 
The full report is available here.