"The big wave of mobile devices flooding the corporate world, should be welcomed with an eye on security"
Mobile Devices To Minimize Threat, Loss And Risk
We are witnessing a big wave of mobile devices flooding the corporate world like Mobile Tsunami (MTsunami) brought by young and talented people. Rather than holding back, we have to make this data flow secure. For this we need to initially bifurcate the data into various buckets like confidential, personal, public, internal or external. Then apply second layer of security like encryption and use certificate base authentication to transfer and access data on approved device. Accordingly, Device lock, remote data wipe and password protection has to be configured and incorporated in the policy. The key drivers for adoption of mobile devices range from secure communications, scalability, and manageability, integration to self-service portal, where users themselves can manage basic functions like password change and device data wipe. Currently, there is no regulations prescribed by Indian regulators around Bring Your Own Device (BYOD) solution, however, we have seen other countries progressing in this direction. Globally, there is a standard practice in place to securely implement this product, which includes the best practice followed by a company, best practice from the Mobile Device management (MDM) solution provider and third party risk assessment of the solution after implementing.
There are some challenges in this area:
Licensing: Some of the software licenses have terms that restrict installation of the software to machines owned by Institutions. However, some vendors restrict this and allow installation only to company-owned device. People don’t easily accept this, but it’s one of the tradeoffs that has to be accepted. As BYOD goes mainstream, it may change, but for now, it’s the reality. We’re in the process of deploying an application virtualization solution that will alleviate this issue to a point.
Security: Mobile devices are running on different operating systems making it difficult to form policy for each device to manage the data. It also means that all users have to authenticate their device before they can access data. Device support limitations: When it comes to supporting people’s personal devices, bear in mind that BYOD has limited control. If the device needs repair, they need to get it fixed on their own. If it’s out of warranty, they will have to incur it as a personal cost.
Policies: Clear well defined policies are required to be incorporated.
There are certainly more challenges in supporting devices in BYOD mode than just BlackBerry. But it’s basically an extension of an overall concept that has existed for along time. Kindly note, you have to set limits, security requirements, appropriate policies and an ability to say ‘No’ if or when things get to a point where they simply cannot be supported.