Page 7 - index
P. 7
%#30)27 (!++%-'%1 )- 2(% '% .& 6
By Gretchen Hellman, Senior Director of Security Strategy, SolarWinds
The productivity, morale and cost savings gains of allowing employees to bring their own
devices to work has driven the majority of companies to allow the practice of BYOx.
However, as with most shifts that provide greater IT accessibility and connectivity, big
security issues have come along with it.
The mobile technology revolution has not only disrupted IT, but IT security as well. Long
gone are the days of stringent common operating environments and usage policies that
allowed security to keep on top of vulnerabilities, risk and security controls. Today, corporate
networks are made up of a wide range of devices that have both personal and corporate
applications and data. This has created a slew of new challenges for IT pros tasked with
securing corporate environments.
In fact, a recent SolarWinds survey showed that IT pros believe the role needing to adapt the
most in the next three to five years is information security. Combine this with the fact that in
the same survey, BYOx ranked as the most disruptive technology to business over the past
three to five years. Here is a closer look at how BYOx has infiltrated business and why it is
causing IT pros to rethink information security.
End of Control
The greatest security challenges brought on by BYOx are the reduction of overall security
control, introduction of new and often unknown vulnerabilities—and their subsequent risks—
and the blending of personal and corporate use. Many companies that allow BYOx are
enforcing policies and standards for acceptable use, security standards and which devices
and configurations are permitted. However, without stringent controls that limit personal use,
data remains at a greater risk than before. Much of this harkens back to the age old
challenge of dealing with user decisions when enforcing security measures. This challenge
explodes in the world of BYOx because it is that very user who owns the device.
According to a recent Gartner, Inc. survey, a quarter of business users admitted to having a
security issue with their private device in 2013, but only 27 percent of those respondents felt
the need to report the issue to their employer. To complicate matters, stringent controls,
such as limiting allowed “apps” for personal use, while they are the best security decision,
defeat the purpose of BYOD.
With an existing inherent distrust over corporate control of their personal and private data,
employees are even less reluctant to dedicate their expensive personal devices to work if
too many restrictions are placed on their usage. Employee participation creates the very
foundation of BYOx, and security has had to make some allowances that introduce risk.
What’s more, the multitude of free “apps” and their ease of deployment have made mobile
devices a new focus for both lucrative and malicious malware. Android malware in particular
is quickly increasing in volume and sophistication due to its open platform.
! " $
! # ! "