Wednesday, 03 April 2013 08:23
Written by Patricia Pieterse
Sean Wainer, Citrix
While it is an exciting technological evolution, the trend of bring your own device (BYOD) is causing headaches for companies’ IT security systems.
Companies implementing BYOD face the challenge of allowing employees freedom to work anywhere, but still keeping sensitive corporate data safe.
“Imagine the scene: a plethora of devices, all of them private, each with their own configuration, accessing a corporate network with potentially sensitive data. Without controls, you get a massive
security nightmare,” says
Simon Campbell-Young" rel=tag>Simon Campbell-Young, CEO of Phoenix Distribution.
Sean Wainer, country manager for Citrix southern Africa, says: “Compliance, data protection and privacy concerns are the top considerations in any BYO decision. Primarily, these
security issues have arisen as a result of the transfer of power away from the IT department.”
He says in previous decades, the IT department had end-to-end control of everything in the enterprise. “Not so much anymore. The practice of ‘secure everything equally and hope for the best’ just doesn’t cut it when dealing with BYO and cloud,” says Wainer. “Clinging to the comforts of
security’s past leads to fear for
security’s future.”
According to
Mike Styer, NetApp SA country manager, the biggest threat companies face is not being prepared. “You have to be a lot more aware,” he says.
An influx of various tablets and smartphones to the company’s network means
security has to make provisions for all the various operating systems, he says. Many have managed some control over viruses, but Trojans are still a big risk. Employees downloading and running un-trusted programs leads to the possibility of allowing spyware or
malware to penetrate the network.
So, how can companies combat these threats?
Wainer says the first step to securing BYO is “implementing a sound BYO policy, which ensures that data is available when and where it is needed, while remaining secure”.
Campbell-Young echoes this sentiment: “BYOD policies need to be transparent. Having parts hidden from employees can cause the policies to backfire. Such openness requires a rethinking of corporate communications with its traditional need-to-know basis. The trust that this change can foster will in turn fuel the productivity increases that enterprises are hoping to get from BYOD,” he says.
Styer says without proper policies and procedures, as well as appropriate infrastructure and protection against
malware, mayhem will ensue.
According to Wainer, “businesses need to create an IT environment where IT retains the overall governance in the face of a plethora of devices. For example, adopting ‘follow me’ data solutions that provide IT departments with complete control over employee data and apps is an integral step to take, as it becomes the norm for employees to access the network anywhere, on any device.”
He adds: “Virtualisation is also a key component of providing
security for BYO – centralising data, increasing
security, reducing costs and enhancing productivity. This evolution is driving slow incremental changes to existing applications and processes, while enabling wild innovation for those who start anew – especially for those who transform
security through virtualisation. Effective virtualisation
security protects mobility, collaboration and social computing through isolation of sensitive resources. A BYO programme cannot be effective without virtualisation.”
“Security of data during its transmission between the mobile device and the organisation’s data centre is an important element. In addition, the
security of remote access to the organisation’s information must be ensured,” says Campbell-Young.
“Any BYOD strategy has to include the use of device management and
security controls to enforce the policy. This means installing device management clients on smartphones and tablets. It also means installing VPN clients. Employee devices can be configured by the organisation over-the-air, and they can be erased remotely if they are lost or stolen. All devices will be monitored for compliance in real-time, to detect out-of-date device operating systems and unapproved apps, and to provide jail-broken and rooted detection,” he says.
For Styer, one thing is clear for companies considering BYOD – they are behind the wave, and must catch up.
“With BYOD, you don’t have a choice,” he says. “Be prepared for it. Don’t try to block it. If you’re Draconian, you won’t get the benefits one gets when people are allowed to work how they want.”
There is a lot of research that suggests that when people are allowed to work with the tools they choose, productivity increases, he notes. Wainer’s advice to companies implementing BYOD is to “be flexible with your BYOD programme – and most importantly, accept that this isn’t just an IT problem”.
He concludes: “Engage stakeholders across the business, from HR to legal, to ensure that all aspects of a BYO programme have been considered – from policy to infrastructure. BYOD doesn’t have to be an all-or-nothing proposition. You have the liberty to control the specific services you want to make available on devices, and whether this will differ for specific work groups, user types, device types and network utilised.”