
BYOD and its impact on corporate security

The Bring Your Own Device (BYOD) trend has made the already very complex reality of corporate networks even more complicated. “Bring your own device” is part of everyday working life in many places, and it means that employees want to use popular devices such as smartphones, tablets or laptops on the corporate network. In order not to hinder productivity but, on the contrary, to increase it, many companies already support taking personal devices to work (and using them), as well as allowing access to secured corporate networks from home.

For IT administrators, this adds still more challenges to the existing ones of network security: with the increasing use of personal devices, companies of all sizes also have to contend with the problem of network bandwidth. A company should therefore proceed systematically and develop a reasonable strategy.

Benefits and Challenges for Companies, Employees and the IT Department

Despite the challenges, IT departments can also benefit from this trend. In times when the durability of electronic devices is reduced to a minimum, lifecycle management becomes a complex and opaque task. With BYOD, part of this responsibility is transferred to the staff, and extensive training becomes unnecessary because employees are already familiar with working on their personal devices.

However, the separation of private and business data must be correctly defined, as well as secure access to the latter.

Typical Questions Companies Should Ask Themselves Concerning BYOD

  • How are applications installed and used with different operating systems?
  • How are a large number of devices and configurations dealt with?
  • Who is responsible for hardware, software, data and support?
  • What happens when a device fails?
  • How is control of all devices connected to the network retained?
  • How are corporate data protected against damage, abuse or even theft?
  • How are security policies implemented without compromising performance and ease of use?
  • Are the compliance requirements of the company met?

Companies assess many of these challenges as complex, risky and costly. Conversely, employees have very similar concerns when it comes to protecting their privacy and sensitive information from the employer.

Apps and Services

If BYOD had only to do with devices, managing them would be reasonably feasible. But BYOD also includes an entirely new generation of small, downloadable cloud-based applications and services over which the company has no control. Companies should therefore work out, jointly with their staff, policies that are viable for everyone. To that end, the following questions should be answered:

  • What apps are being used currently and will be used in the future (by the company or the user)?
  • Is the company capable of identifying and blocking dangerous apps and malware?
  • Can access to the network be prevented when a blacklisted app has been installed or a jailbroken device is in use?
  • Which app stores are used and which may be used by employees?
  • Which cloud-based storage services are used?
  • Which apps and actions store sensitive data on private devices?
  • Should end-to-end encryption of data be considered?
  • Should MAM (Mobile Application Management) and EMM (Enterprise Mobile Management) applications be considered?

Everything Starts with Security

In the sensitive area of security, the goal is to find a viable solution, because an all-round perfect solution unfortunately does not exist.

You should ask yourself the following questions in order to find an optimal balance between necessary security and practical working conditions:

  • What security and compliance problems with BYOD/mobile devices are already known?
  • Have company data already been lost on devices, or has a loss of data occurred?
  • How does the IT organisation prevent malware attacks on private devices and how is malware removed in case this happens?
  • Are employees aware of the security policies for mobile devices and data protection?
  • What compliance and privacy policies should be met?
  • Is there a separation between personal and business data?

Another Non-negligible Area Relates to Liability Issues

To show just some of the aspects to be considered, here are a few questions that require deeper consideration:

  • Who is liable in case of loss or theft of the device?
  • In what situation does the employee have a right to a refund or compensation?
  • Responsibilities for damage or loss of private devices: does it make a difference whether the device has been stolen or damaged at home, at work, or on a business trip?
  • Is the damage settled at a flat rate or individually?
  • What happens in the case of negligence?

One thing is clear: the issue of “Bring Your Own Device” concerns not only the infrastructure or the challenges around security and feasibility. It is also related to the definition of strategies, technologies and policies that affect all departments and all employees. Managers of modern companies need to adapt to the fact that the worlds of work and private life increasingly mix, and that reasonable, safe and viable solutions for BYOD will be indispensable.

The primary goal must always be to ensure the comprehensive protection of data, clients and networks within the company.
