View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 15, 2016updated 06 Sep 2016 2:11pm

How to allow BYOD without compromising on security

Opinion: Pulse Secure's Paul Donovan explains how enterprises can no longer avoid BYOD and lists the factors that enterprises need to consider in order to deploy BYOD securely.

By Vinod

The business, technology and employee landscapes have changed and today, employees, from the C-suite down, expect to access information from anywhere, at anytime and from any device. With research from Gartner suggesting that half of all employees will be using their own device by 2017, it seems that BYOD is here to stay.

Deployed successfully, BYOD can offer an enterprise increased productivity, lower costs and overall employee satisfaction but security concerns still stifle widespread adoption. So how can enterprises allow BYOD without compromising on security?

The landscape has changed
Advancements in technology has made it possible to work from almost anywhere and both employees and enterprises have taken advantage of this. For employees, it often allows a greater degree of freedom. For organisations with distributed workforces, having employees being able to log in and easily access information with mobile devices means less frustration for the employee and ultimately more productivity. Equally, guests who attend meetings and even onsite employees who bring their own mobile devices can access the same benefits.

Getting started
Of course, there’s a host of technical aspects that enterprises need to consider. But before you get in to the bits and bytes, you’ve got to build a formal BYOD policy and create a culture where employees understand and appreciate their role within that policy. Once these are in place, it’s time to look at the devices, apps and access controls the enterprise needs to consider in order to secure access to its data and capitalise on the potential advantages of BYOD.

Walk before you can run
Creating a BYOD policy has to be the first step. Otherwise, you could deploy technologies that may or may not be relevant for your particular business needs. There are several aspects to building a BYOD policy. The first consideration is to ensure that you’re compliant with any industry requirements such as regulatory issues within the healthcare, financial services or public sectors. The policy also needs to give employees access to the underlying application and business processes they need to be productive. Lastly, any policy needs to be backed up by enforcement and management tools – this is where Enterprise Mobility Management (EMM) comes in.

EMM can help define what can be enforced within a BYOD policy and help create processes for dealing with issues such as lost, stolen or misused devices or what to do when an employee leaves.

Some EMM solutions use container security that fully separates enterprise and employee data, apps, communications and networking, giving IT complete governance over corporate information on an end user’s BYOD workspace while not infringing on their personal privacy. This is helpful to both the employee and the enterprise. Acceptance of BYOD is often talked about from the enterprise’s perspective but employees can also have reservations about bringing their own devices into the workplace.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Their concerns are mainly based around privacy and not wanting their devices and their data to be at the mercy of the organisation they work for, which is a valid one – it is, after all, their device and their personal information. Container security helps to assuage these concerns throughout the employee’s time with the company and also provides a very neat solution when the employee decides to move on.

Culture Club
Considering over half of security breaches are the result of human error, and the new EU GDPR will mean fines of 4% of global annual turnover for a data breach, employees are a huge factor in the success of your BYOD strategy and your wider data protection strategy. The enterprise needs to evangelise the benefits and promote the use of BYOD to deliver on its promises. Alongside this, enterprises need to educate users about the impact of data losses and develop a culture of responsibility for mobile devices and the data they house.

Paul Donovan, Pulse Secure

Paul Donovan is EMEA Sales Director at Pulse Secure

Now to the more specific considerations:

What devices will your BYOD policy support?
Employees will have favourite brands which they’ll want to continue to use, but you have to be realistic about what the IT department’s resource can support and make a balanced decision about which devices you’ll include. For an IT department used to supporting Microsoft Windows which updates its software about every three years, supporting mobile devices from various manufacturers who release new software updates every few months is a different kind of resource entirely and represents a huge challenge. The key to success is making that challenge as manageable as possible.

How will you deal with the slew of applications?
Giving employees access to mobile applications such as email, browser, collaboration tools, document management and remote desktop access can improve productivity but some applications come with a risk. Researchers from FireEye, in the 2015 Data Breach Investigations Report by Verizon, analyzed more than 7 million mobile apps to find that 96% of mobile malware was targeted at the Android platform. They also found that more than 5 billion downloaded Android apps are vulnerable to remote attacks.

With a marketplace saturated with not only a slew of mobile devices but an even bigger slew of apps, it is imperative that your strategy addresses the risks that each of these individual factors presents to your IT infrastructure.

How will you give access while still protecting your network?
Naturally, these devices and apps connect to your network so implementing a robust SSL VPN and Network Access Control (NAC) solution is a must for organisations adopting BYOD in order to protect the enterprise network. Role-based, application level security policy enforcement will allow enterprises to manage and monitor mobile device sessions on-premises network as well as over secure VPN.

The access factor of your BYOD policy also needs to extend to guests, visitors and business partners that your employees need to collaborate with. A NAC solution that offers granular control over guest network access will allow your employees to share data without compromising your network.

Usability will make or break your BYOD policy
As you set your policy and consider exactly how to deploy your BYOD strategy, it’s important to recognise that one of the main reasons why many BYOD and remote access programs fail is because they’re simply too complex. If connectivity is too complicated, productivity will suffer and employees could find workarounds that compromise your security. A NAC solution that offers automated configuration and a unified desktop client can help to successfully and efficiently onboard users and streamline the overall user experience. Ease-of-use has to be the priority for a successful BYOD deployment.

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU