Security Challenges Posed By An Increasingly BYOD World
by Andre Boysen, Executive Vice President of Marketing at SecureKey
Decision-makers are becoming increasingly familiar with the benefits of the bring-your-own-device (BYOD) trend. Not needing to purchase the latest hardware or supply phones across an organization can significantly reduce costs as well as create a workforce that uses cutting-edge equipment rather than outdated devices.
However, BYOD is not without its issues. For some organizations, the trend may have been discovered accidentally when IT noticed that someone was accessing company resources from an unauthorized device. While laptops have long been a popular work device, they still aren’t quite as portable as tablets. Additionally, many employees will use their corporate email through their smartphones.
Both of these device types have added vulnerabilities to networks that didn’t exist just a few short years ago. Sensitive information may be stored on smartphones and tablets, which could then be stolen. Not all employees will deploy robust antivirus or monitoring software on their equipment either, meaning that malware might potentially reach a company’s IT infrastructure.
Mobile device management (MDM) software can prevent some of these problems. Remotely wiping data can spare decision-makers from a potentially painful security breach, as can preventing employees from engaging in certain risky activities on their phones. However, firm BYOD policies are the best course of action, so that employees know what to expect when using their personal smartphones and tablets, as well as best practices for keeping company resources safe.
BYOD as a security enhancement.
All that said, BYOD can help manage, or even enhance, security. Smartphones are deeply personal devices – they’re on their owners at almost all times, unlike laptops. They are also used almost exclusively by one person.
BYOD can improve security while employees are browsing consumer websites. This is a requirement for many companies, from those issuing corporate tweets to those performing research. In many cases, workers will have to log into a site. Every time that they have to enter a password, they expose their business to risk.
By contrast, device-based authentication, or multi-factor authentication that relies on a password and smartphone, provides a level of additional protection that couldn’t otherwise be achieved. The personal device helps confirm someone’s identity far more accurately than the usual login credentials.
Furthermore, an employee will know when his or her phone has been stolen or gone missing. This often won’t be the case with a password. Employers can deploy MDM systems that allow them to remotely wipe a phone or they can restrict access from the compromised smartphone. By contrast, a thief might use someone else’s credentials for days or weeks before anyone notices, at which point the damage has already been done.
Even if a mobile device’s disappearance isn’t immediately noticed, two-factor authentication that relies on it and a password still requires figuring out the authentication details attached to the device. This could also prevent someone from accessing sensitive systems without authorization.
Managing BYOD policies does take some care, but so long as it’s properly deployed, it may even be beneficial from a security standpoint.
SecureKey’s Executive Vice President of Marketing, Andre Boysen is responsible for cultivating new and exciting opportunities in existing markets.
This is an article contributed to Young Upstarts and published or republished here with permission. All rights of this work belong to the authors named in the article above.