Story image

BYOD security policies vital

27 May 2015

Bring Your Own Device policies only work if everyone within an organisation is committed to following appropriate security policies.

That’s the word from Rick Bell, architect for UXC Connect, who says BYOD has become a fact of corporate life so organisations need to know how to govern it effectively.

“People are often tempted to bring their own device because the technology is often more advanced than what they are likely to be issued with in a corporate device,” Bell says.

“Often, it’s the senior executives that expect to be able to plug their new device into the corporate network without due consideration for security policies.” 

Bell says BYOD security policies must take into account that, regardless of the device used, the network must be secured to protect the crucial data on which the organisation relies. He says mobile devices, if not properly secured, can introduce malware and security breaches that can compromise the security of the entire business. 

To overcome this, organisations must put clear guidelines and policies in place on what types of devices are acceptable and what needs to be done to ensure they are secure. Bell says these policies must be communicated in a formal manner to ensure all employees are aware of the requirements and, potentially, any penalties for non-compliance. 

“Corporate network security is vital, and organisations cannot take chances when it comes to introducing new devices into the network,” Bell explains. He says there must be standards and systems in place to maintain that security.

“For example, a mobile device might include security measures such as encryption, two-factor PIN authentication or containerised applications and data protection,” he says. “Not all consumer devices can do this, which means those devices may not be appropriate for the corporate environment.” 

Additionally, organisational policies should be set and overseen by a committee that includes senior executives from both business and technology. 

“Because senior executives often expect to be able to use their personal devices in the business network, it is essential to educate them regarding the risks of doing so,” says Bell.

“One of the most effective ways to achieve that is to include them in the steering committee that develops, communicates, and enforces the rules regarding BYOD. This can help reduce the risk that executives think the rules don’t apply to them, and most importantly, it espouses the right security-sensitive culture across the organisation by leading through example.”

Bell says policies and standards can be enacted through an enterprise mobility management platform. “This is fairer on everyone because expectations are set across the board. And it reduces the number of unauthorised devices that can compromise the network,” he says. 

“By doing this, organisations can then leverage mobility initiatives and BYOD policies to deliver the benefits with the assurance that network and information security will be maintained.” 

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.