Page 22 - Cyber Warnings
BYOD Could Mean ‘Bring Your Own Disaster’ if Organizations in
Middle East Don’t Plan for Security Risks
As adoption of wearables becomes more mainstream in the Middle East, it brings added
complexity to BYOD in an enterprise. One of the more interesting features of wearable tech is
its ability to tether to, and control, smartphones over a remote connection. So even if wearables
are denied access to enterprise networks, they may already be able to access them through a
tethered smartphone, which means they can download and store company data. Many come with built-in cameras. This will
understandably make IT departments worried.
According to recent studies by Aruba, the new generation of employees – #GenMobile – expect
mobility at the workplace to be a given, so any blanket decision to ban such devices from the
workplace will be highly unpopular. In fact, almost two thirds of study respondents say they use
mobile devices to help them manage their work and personal lives better.
If the decision is made to accept wearables into the organisation, it is unlikely that existing
BYOD policies that govern the use of corporate data will be enough; new policies will be required.
When tinkering with these policies, CIOs have to keep in mind the fact that there will be other
IoT-based devices coming along that could be embedded into an employee’s clothing or even
office kitchen appliances. The acronym “BYOD” will soon have to be replaced with “BYOX”, with
the “X” symbolising “practically anything”.
Failure of First Generation of BYOD policies – Lessons to be learnt
The first generation of BYOD devices received similar levels of access to the network, in a fairly
uniform approach. This needs to stop. CIOs should now turn their attention to the context of the
use case, and the underlying communications network. This means putting in place solutions
that can secure any mobile device that connects to corporate Wi-Fi, giving them complete
visibility of the number, type and frequency of mobile devices accessing their network.
Today’s network should be able to enforce flexible security policies that
analyse – and act on – the context of how an employee uses the mobile device. For
instance, an employee using a smartwatch at a coffee shop to access corporate data may not
be granted the same level of access as one who uses a PC during office hours. Depending on
the context, different policies should be applied to make sure that the right balance between
flexibility and security is met.
By incorporating these new levels of network visibility, companies will also be able to identify
specific applications and who is using them. After these apps are identified and visualised,
access controls and policies should be applied to prioritise the performance of business-critical
apps over personal ones. By analysing and controlling access management systems, it is
possible to get as granular as disabling a device’s camera in restricted locations.
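An added example, not from the original article: a minimal context-aware policy check in Python in which each factor (device type, location, time of day) caps the access tier and the most restrictive cap wins. The tier names, location labels, office hours and the deny default for unrecognised devices are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Access tiers ordered from least to most privileged (assumed names).
TIERS = ["deny", "internet_only", "limited", "full"]

# Highest tier each factor allows (assumed values).
DEVICE_CAP = {"pc": "full", "smartphone": "limited", "smartwatch": "internet_only"}
LOCATION_CAP = {"office": "full", "restricted_zone": "limited", "public": "limited"}
UNKNOWN_CAP = "deny"  # "BYOX": a device or location we cannot classify gets nothing
OFFICE_HOURS = (time(8, 0), time(18, 0))


@dataclass(frozen=True)
class Context:
    device_type: str
    location: str
    local_time: time
    has_camera: bool = False


def decide(ctx: Context) -> tuple:
    """Return (tier, restrictions) for one connection attempt."""
    in_hours = OFFICE_HOURS[0] <= ctx.local_time < OFFICE_HOURS[1]
    caps = [
        DEVICE_CAP.get(ctx.device_type, UNKNOWN_CAP),
        LOCATION_CAP.get(ctx.location, UNKNOWN_CAP),
        "full" if in_hours else "limited",
    ]
    # Most restrictive cap wins: no single factor can raise access.
    tier = min(caps, key=TIERS.index)
    restrictions = set()
    # Device-level control on top of network access: cameras off in restricted areas.
    if tier != "deny" and ctx.has_camera and ctx.location == "restricted_zone":
        restrictions.add("camera_disabled")
    return tier, frozenset(restrictions)


if __name__ == "__main__":
    # Constructed sample contexts mirroring the scenarios in the text.
    samples = [
        Context("smartwatch", "public", time(10, 0), has_camera=True),
        Context("pc", "office", time(10, 0)),
        Context("pc", "office", time(22, 0)),
        Context("smartphone", "restricted_zone", time(10, 0), has_camera=True),
        Context("smart_kettle", "office", time(10, 0)),
    ]
    for s in samples:
        print(s, "->", decide(s))
```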
22 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide