BYOD enterprise security focus moving from devices to apps

Tools

The increasing frequency of data breaches resulting from companies allowing employees to bring their own devices to work are a result of poor BYOD policies and lack of technology to implement those policies, according a panel at the 2013 Consumer Electronics Show being held in Las Vegas this week.

Now, some groups are suggesting that enterprises need to focus more on applications and less on devices, in order to prevent future data breaches.

Robert Tinker, chief executive officer of MDM provider MobileIron, said that his company's customers want to move beyond the device and focus on the app and content. "The challenge is how to you enable users to get their email, apps and content on any device they choose with a great user experience but also security. It's a balancing act," he said.

According to a survey conducted by IDC on behalf of Samsung, 85 percent of enterprises permit BYOD, but only 25 percent to 30 percent have developed policies and deployed technologies to manage those devices and secure data, noted Tim Wagner, general manager for enterprise sales and marketing at Samsung.

Wagner predicted that within a year, smartphones will have a choice of having security products built in. "When you go and buy a device at retail and take it out of the box, part of the set up will be choosing a security app," he said.

 "The key thing from a BYOD standpoint is that it is virtually impossible to rely solely on what is built into the device to prevent data from leaving the device," said John Herrema, senior vice president of corporate strategy at mobile device management provider Good Technology. "If you deploy business applications to users that are secure in the first place, and you manage the data and applications strongly, this will prevent the data from leaking," he added.

Employee use of Drop Box and other cloud services could pose risks to corporate data, and some enterprises are blocking access to those services. "You need to focus on your own data first. If you control over your own data and applications, you don't have to do as much blocking" of cloud services, Herrema added.

Allison Cerra, vice president of marketing, communications, and public affairs with Alcatel-Lucent, said her company conducted a survey of enterprise workers and found that 20 percent of workers would be willing to pay $5 a month for enterprise-provided cloud-based services, similar to Drop Box.

A recent survey of 500 United Kingdom chief information officers found that over half of corporate networks have been breached because of BYOD.

Enterprises that take the initiative and implement a BYOD policy and technology are in a better position to prevent data breaches and protect their networks from attack, the panelists agreed.

Related Articles:
Spotlight: Insecure mobile operating systems pose corporate security risks, warns Coalfire
Survey: Over half of UK corporate networks breached because of BYOD