April 21, 2014
As BYOD becomes an increasingly widespread trend in the workplace, a recent survey* reveals that employees using personal devices in the workplace could be leaving themselves (and their companies) open to attack.
Unsurprisingly, when it comes to downloading apps and managing devices, BYOD security is an extremely important issue. This is most likely due to the false sense of security that comes from using personal devices, in addition to employees making the fatal mistake of overestimating the security capabilities of their companies’ BYOD programs.
It’s important to note that while the U.S. boasts one of the most advanced BYOD environments in the world, there is still much to learn and many pitfalls to avoid, as is the case with all new technology.
Check out a few of the most noteworthy findings from Gartner’s survey:
From these findings, Gartner recommends a variety of solutions* to help eliminate security risks and protect vulnerable company data. As choosing the right EMM solution becomes more important, companies must:
Develop solid BYOD policies based on business requirements and risk profiles, while also staying on top of changes in mobility to protect corporate information.
Without specific policies outlined in concrete terms, there will always be gray areas that undermine security. These agreements should include the use of signatures and human resource records.
According to the survey, even if there is a formal agreement, around 10 percent of respondents admit that they would probably not report an issue, while 15 percent said they would only report a serious issue.
Successful BYOD programs have strict policy enforcement and compliant users, while all policy agreements must be created with clear guidelines for security breaches.
Any work activity on a private device automatically carries the threat of a security breach. Thus, IT organizations must balance protection, governance and user flexibility, with help from TSPs to evaluate and implement policies and procedures, provide ongoing user education, and source and deploy mobile security, encryption and mobile device management (MDM) solutions.
When it comes down to it, BYOD security is about protecting data on the device, rather than the device itself. Security must exist in the application, in data controls and in add-on capabilities like containerization or virtualization. Because mobile devices are designed to share data in the cloud, data can be easily duplicated between applications and moved between applications and the cloud.
There are many different ways that a smart device could come under attack, and one of the most obvious is theft. It’s a large-scale problem, with hundreds of devices stolen every day across the country, particularly in major cities.
Now, however, the wireless industry is beginning to fight back. Last year, U.S. carriers and The Wireless Association (commonly known as the CTIA) officially launched a revolutionary database for stolen smartphones, for use in the event that your smart device is lost or stolen, in addition to expanding efforts to educate the general public on how to deter smartphone theft.
Recent events have also highlighted less perceptible security threats. Heartbleed, for example, one of the most invasive OpenSSL security bugs of all time, exposed Internet-stored passwords and personal information to theft across the world in the blink of an eye.
An important note about security threats: mobile applications are just as vulnerable as Internet infrastructure.† To combat this, several companies offer patches and upgrades to protect devices, while apps are available to determine users’ individual vulnerability to potential security threats.
* Gartner Presentation, “User Survey Analysis: U.S. Consumers Show Little Security Concern With BYOD,” Gartner, Inc., April 2014.
† Reedy, Sarah. Mobile Apps Susceptible to Heartbleed, Too. Light Reading, April 2014.