
Dhananjay Rokde

"The problem with mobility is NOT the device, but the data on it"

 

Mobile Devices To Minimize Threat, Loss And Risk
BYOD is certainly the latest buzzword in the hallways of most IT/ES organizations. “Business-Anytime-Anywhere” is the mantra of the 21st century, and mobility is just the ingredient to achieve that.

The market is flooded with a plethora of BYOD, MDM (Mobile Device Management) and MDS (Mobile Device Security) products. They come in various flavors and ship under various names. However, they mainly look to control the device rather than control the data. Implementing BYOD in its true sense and spirit means “allowing users/employees to freely bring in ‘any’ device for business use, to be utilized in a secure manner based on the company policies”. Most CISOs get carried away by the fact that most COTS (commercial off-the-shelf) solutions available for BYOD/MDM have capabilities like remote wipe, remote lock or user control. The problem with mobility is NOT the device, but the data on it. Here are a few common BYOD implementation pitfalls and ways to avoid them:
• Don’t address a particular mobile platform; address the core business problem/challenge.
• Remote wipe is not a godsend! If you delete an employee’s personal data, even by accident, you are liable for damages.
• Implement sandbox environments around application areas containing sensitive information and wipe this on a periodic basis.
• Implement strong authentication within the application on the device.
• Design policies, procedures and processes around loss of devices, transfer of devices and wiping of devices.
• Mobile devices can be reverse engineered, for example jailbroken or rooted. Ensure that there is protection against such malicious changes.
• Implement secure connectivity between the device and the application. Technologies like SSL-VPN help to establish trust-mode computing and greatly reduce risks of malware and malicious users.
• Bundling a DLP (Data Loss Prevention) or an IRM/DRM (Information/Data Rights Management) product along with the BYOD/MDM solution will also prevent intentional or accidental leakage of confidential information.

A clear policy on “Mobile Application Exposure” is also needed. An organization does not need to expose all applications on mobile environments. While there are products that promise secure mobile computing, BYOD and MDM applications need another 2-3 years for mass adoption and to attain maturity. It is highly advised not to expose applications carrying highly sensitive and critical information onto mobile devices. Users need to be additionally careful with their mobile devices. Users should also be made to realize that BYOD is a privilege and not a right. Employees and a top-down management mandate on adherence to security measures on BYOD are among the key factors in a successful BYOD implementation.