BYOD could mean ‘Bring Your Own Disaster’ if security risks aren’t planned for by organisations in the Middle East
Ammar Enaya, Regional Director, HPE Aruba, Middle East & Turkey
As adoption of wearables becomes more mainstream in the Middle East, it brings added complexity to BYOD in an enterprise. One of the more interesting features of wearable tech is its ability to tether to, and control, smartphones over a remote connection.
So even if wearables are denied access to enterprise networks, they may already be able to access it. Which means they can download and store company data. Many come with built-in cameras. This will understandably make IT departments worried.
According to recent studies by Aruba, the new generation of employees –#GenMobile – expect mobility at the workplace to be a given, so any blanket decision to ban such devices from the workplace will be highly unpopular. In fact, almost two thirds of study respondents say they use mobile devices to help them manage their work and personal lives better.
If the decision is made to accept wearables into the organisation, it is unlikely that existing BYOD policies that govern the use of corporate data be enough – new policies will be required.
When tinkering with these policies, CIOs have to keep in mind the fact that there will be other IoT-based devices coming along that could be embedded into an employee’s clothing or even office kitchen appliances. The acronym “BYOD” will soon have to be replaced with “BYOX”, with the “X” symbolising “practically anything”.
Failure of First Generation of BYOD policies – Lessons to be learnt
The first generation of BYOD devices received similar levels of access to the network, in a fairly uniform approach. This needs to stop. CIOs should now turn their attention to the context of the use case, and the underlying communications network. This means putting in place solutions that can secure any mobile device that connects to corporate Wi-Fi; giving them complete visibility of the number, type and frequency of mobile devices assessing their network.
Today’s network should be capable of enforcing flexible security policies that are capable of analysing – and acting on – the context of how an employee uses the mobile device. For instance, an employee using a smartwatch at a coffee shop to access corporate data may not be granted the same level of access as one who uses a PC during office hours. Depending on the context, different policies should be applied to make sure that the right balance between flexibility and security is met.
By incorporating these new levels of network visibility, companies will also be able to identify specific applications and who is using them. After these apps are identified and visualised, access controls and policies should be applied to prioritise the performance of business-critical apps over personal ones. By analysing and controlling access management systems, it is possible to get as granular as disabling a device’s camera in restricted locations.
Key security considerations for BYOD
People talk about BYOD or ‘choose-your-own-device’ – but it could really end up being BYOD ‘bring-your-own-disaster’ if you haven’t thought about the fallout of that going wrong. There are a number of security habits companies need to adopt to adequately protect themselves against a breach:
1. Regulate Wi-Fi traffic with intelligent policy firewalls that can keep track of app usage. This ensures that different apps are classified according to its security rating based on the role of the employee within the organisation. These apps would be allowed to be used on select mobile devices by select users, only if they satisfy live security monitoring by the policy firewall and cloud-powered content filtering.
2. Make sure that all communications over the air are encrypted and sent over secure channels. This requires a smart combination of encryption and VPN-on-demand technologies that prevent information from being snooped on, and – even in the event that the information falls into the wrong hands – is rendered gibberish.
3. Focus on the interactions between users, apps and data. The perimeter has shifted from the idea of building a wall around your enterprise and fortifying your organisation with a firewall. The Internet of Theft (IOT) and Bring your own Disaster (BYOD) have become prevalent in the organisation, considering that business users and consumers nowadays demand access to data and business insights anywhere and in a commoditised form.
4. Managing the security of BYOD, IoT, BYOX, whatever you’d like to call it, requires a secure yet flexible wireless network within the workplace. Companies should deploy flexible security policies that are capable of analysing – and acting on – the context of how an individual employee is using a mobile device, and where they are accessing information from.
By all means, organisations in the Middle East should embrace #GenMobile’s penchant for openness, innovation and collaboration, using any device they wish. But only when they can understand and plan for the security risks these behaviours bring along.