As with all technologies, the biggest security threat emerges from end users’ device management habits. The best security ever devised can fall apart if a user writes their ID and password on the side of a two-factor key and then drops it in the hall. Security can also fall apart if end users visit malicious websites. Sure these threat conditions have existed since the first days of the Internet, but Bring Your Own Device (BYOD) has focused security attention on devices once again.
Some IT security professionals consider BYOD a four-letter word. The Wild West of just “bring any device to work and expect confidential data to appear” is a recurring nightmare for the security conscious among us. IT professionals prefer to know where data are going and to have some control of the devices that hold the data. As it turns out, with the right tools, policies and employee education, BYOD can be secure.
Each device in your BYOD ecosystem represents both a productive opportunity and a security threat for the organization. The organization will decide if the productivity opportunities are worth the security risks. When the answer is yes, as it is for many organizations today, securing and maintaining your BYOD ecosystem requires education and effort.
To maintain BYOD security, do not spend time or effort trying to plug BYOD holes. Rather, build your BYOD platform with security first, and maintain the security-first practice for all BYOD activities. Building with security first means that you start with a secure device management platform that can encrypt data at every stage, segment private data from work data and wipe data remotely.
Then, define the requirements for the devices that your platform will support. This includes determining the allowable operating system (OS) versions, disallowing side-loaded apps, and limiting the age of the hardware. Beyond the infrastructure and devices, a secure BYOD ecosystem will also require automatic device locking with password minimums, employee education and signed end-user agreements from every BYOD user. Combined, these security practices can create a maintainable and secure BYOD platform.
However, BYOD is not a set-it-and-forget-it platform. For many reasons – including today’s rapid pace of new device releases, BYOD requires active management. Learning to secure and manage your BYOD program requires training and awareness across a variety of technology disciplines, including the devices, the OS and the management tools. In addition, securing your BYOD ecosystem requires a deep level of security training and practice.
With the right platform, polices, practices, education and end-user agreements, it is possible for the organization to gain the productive benefits offered by BYOD while maintaining appropriate data security. These outcomes are not accidents. They are architected, implemented and monitored to ensure standards compliance. To implement a well-managed BYOD program, organizations must invest in IT systems and trained staff to ensure viruses, malware and other security threats are mitigated, no matter who owns the device.