The ABCs of BYOT security

Stay secure when you allow employees to bring their own applications, bandwidth, clouds or devices to work


The National Association of Software and Services Companies (NASSCOM) revealed that enterprise mobility spending will rise from 5% to 10%-12% of IT budgets by 2020. The key driver for this increase in spending is the variety of consumer mobile devices that employees are using to access corporate data.

Allowing employees to bring their own devices to work can lead to greater flexibility, productivity and job satisfaction. However, it can also bring you a ton of headaches as you try to secure all of these new devices.

If you want your BYOT initiative to be secure and successful, you must address the following ABCs.

1. BYOA (Bring Your Own Applications)

As the demand for BYOD increases, more employees are self-sourcing cloud-based file synchronization, file sharing and other third-party applications to keep data consistent across all of their devices. Ovum Research identified that over 57% of employees use these apps to increase their personal productivity, and 40% of the apps are self-provisioned.

Whenever someone in your company uses a third-party app, they run the risk of bringing malware, spyware and other security threats into your network. Since many of these apps have become a vital part of employee communications, you can’t ban them. However, since you can’t lock them down as you would with corporate-sponsored apps, each new third-party app can multiply your security concerns.

Your first step should be to find out which apps have proliferated within your company, assess their use and deploy a secure version of them, says James Staten, vice president and principal analyst at Forrester Research. “Learn what your company is doing with the cloud first, then decide [whether] what you’ve learned is good for the company or bad for the company,” he advised.
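A sketch of the discovery step described above, added here as an example and not part of the original article: it tallies distinct users and upload volume per unapproved service from web-proxy logs. The log format, the sample lines and the `SANCTIONED` list are constructed assumptions.

```python
from collections import defaultdict

# Hypothetical list of services IT has already approved and provisioned.
SANCTIONED = {"salesforce.com", "office365.com"}

# Constructed sample proxy log: timestamp user method host bytes_uploaded
SAMPLE_LOG = """\
2014-03-01T09:00:01 alice POST api.dropbox.com 524288
2014-03-01T09:00:07 bob GET login.salesforce.com 0
2014-03-01T09:01:12 carol PUT api.dropbox.com 1048576
2014-03-01T09:02:30 alice POST docs.google.com 2048
malformed line
2014-03-01T09:03:44 bob POST api.dropbox.com notanumber
2014-03-01T09:05:00 dave GET outlook.office365.com 0
"""

def base_domain(host):
    """Naive registrable domain: last two labels (assumes no co.uk-style suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def discover_unsanctioned(log_text, sanctioned=SANCTIONED):
    """Return [(domain, distinct_users, bytes_uploaded)] for unapproved services,
    most widely used first, so IT can decide what to assess and replace."""
    users = defaultdict(set)
    uploaded = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of failing the whole run
        _ts, user, _method, host, size = fields
        domain = base_domain(host)
        if domain in sanctioned:
            continue
        users[domain].add(user)
        if size.isdigit():  # a bad byte count still counts the user
            uploaded[domain] += int(size)
    report = [(d, len(u), uploaded[d]) for d, u in users.items()]
    return sorted(report, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for domain, n_users, n_bytes in discover_unsanctioned(SAMPLE_LOG):
        print(f"{domain:20} users={n_users} uploaded={n_bytes}")
```

Services with many distinct users are the candidates for a sanctioned replacement; a large upload volume from only a few users is worth a closer look for data leaving the company.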

If you allow third-party apps to access your network, also make sure that you have the right security policies to protect yourself from threats. For example, passwords, device restrictions and virtual private networks can help lock down data and make it difficult for outsiders to access your corporate information. Your mobile device policies should also move beyond “block and allow” to enable control of the devices on a more granular application and operation level. You should also restrict the flow of corporate data to and from non-standard apps.

It is also recommended that IT and the CIO spend time with the user community within the organization to explain why you need a policy to protect your company’s data and how you have implemented it.

2. BYOB (Bring Your Own Bandwidth)

Using outside networks, such as Dropbox and Google Docs, can enhance your team’s productivity and make it easy to work from any device. However, any time you allow a third-party network to touch your network – especially when all of these networks are being used concurrently – you lose some control and run the risk of not knowing exactly what outside networks employees are connected to at any given point in time.

In addition, employee multi-modal activities can put data and applications that were previously only available behind corporate firewalls within reach of hackers. When corporate data or resources are accessed in this manner, you have no way of securing them. This is because the data is now outside the reach of your company’s security applications and its data integrity and protection policies.

There are several ways to limit your company’s security exposures:

  • Use tools such as mobile-device management (MDM) software to help create, implement and manage corporate data access policies across a range of devices (regardless of their manufacture or OS), as well as ensure uniformity and ease of oversight. When deployed in conjunction with comprehensive identity management, you can minimize your security risks through more precise content classification and data analytics.
  • Implement connectivity usage policies and have employees review them on a regular basis with HR. This ensures that employees understand the policies – along with the potential consequences of not adhering to them.

3. BYOC (Bring Your Own Cloud)

Cloud-based business services such as Salesforce.com and Office 365, along with consumer cloud services such as iCloud and Silverlight, are great for enhancing collaboration and getting work done while you’re on the road. However, they also raise a number of privacy and security issues, such as concerns over security breaches and ensuring that corporate documents stay within the company.

These services enable employees to leverage applications in cloud-based networks (public cloud, corporate cloud, private cloud and personal cloud) without specific demarcation points or security checkpoints. Herein lies the security complexity – as employees intermix these cloud services, corporate data can be compromised at any point without their knowledge.

In addition, employee personal devices can place a huge bandwidth drain on your organization and create problems with resource contention across these applications. While your colleagues benefit from the free bandwidth, their endless video downloads can cost you more in terms of IT expenses and lost productivity.

While it’s next to impossible to ban employees from using these services, there are steps you can take to keep your data safe in the cloud. For example, you can place restrictions on which employees are allowed to access your data in the cloud. You can also encrypt your data and use dedicated cloud backup and recovery services that are accessible only from specific, corporate-approved and controlled IP addresses. Once again, this goes hand-in-hand with the appropriate use policies and restrictions.

4. BYOD (Bring Your Own Device)

BYOD poses a number of security challenges – from securing different operating systems to creating policies that protect devices if they are stolen or lost. ZDNet reported that every day, 200 phones are left in New York City cabs. This adds up to 73,000 phones per year – just in cabs in one city!

While it’s easy to wipe data from a dedicated corporate device, this can be challenging if the device belongs to an employee and also contains personal data.

David Mitchell Smith, VP & Gartner Fellow, advocates that if the benefits of BYOD are to be obtained, such programs must allow employee choice in all areas of use and control. “Following a ‘less is more’ approach can help. Manage and support less – use ‘best effort’, or use ‘lightly managed’ approaches, such as Exchange ActiveSync with remote wipe may well be good enough.”

For corporations that need higher levels of security and control, this can be best achieved by separating personal data from corporate data on all of your employees’ phones. BlackBerry has done this best by splitting its devices into two personas, so you can run a personal and a business instance on one device – where Corporate IT can keep the business data separated from personal data. Then, Corporate IT can remotely wipe the corporate data if/when the device is lost or the person leaves the organization.

As the BYOT trend continues to grow, targeted attacks on mobile devices will also increase. This means that one-size-fits-all security solutions simply won’t work for most companies. To address the ABCs of BYOT, you must implement the right policies and look at a network-based security solution that extends web-based threat protection to mobile devices and offers granular control over native, mobile browser and web applications.

What about you? What are your biggest BYOT security challenges? Please leave your comments and questions below.

Get much more information and advice by downloading Allstream’s new publication, The Internet Security eBook: A Self-Assessment Guide.
