
For more information: http://www.escanav.com/english/content/company/news/escan_news.asp


How to Solve the BYOD’s Security Conundrum - ITNEXT

http://www.itnext.in/content/how-solve-byod’s-security-conundrum.html[9/23/2013 4:58:53 PM]


No longer is it about IT dictating the policies and prescriptions of the user and enabling them to use technology. Now, it is the users who drive any trend related to IT, with IT heads having to amend their policies based on user dictate. BYOD (bring your own device) is clearly an indication of this trend, as individuals are focused on driving innovation rather than enterprises.

Shantanu Ghosh, VP & MD, India Product Operations, Symantec, reiterates that for big businesses, this change can be hard to deal with – from using standard-issue laptops, smartphones and operating systems often dictated by the preferences of the IT department, today’s employees are demanding that they be allowed to use devices of their choice. But if you’ve ever tried to transfer data between devices that use different OSes, you can imagine the scale that enterprise IT is dealing with, with thousands of devices on multiple formats and platforms entering the network every day.

In fact, according to Symantec’s most recent State of Mobility Survey, 72 per cent of Indian businesses have faced mobility incidents in the past 12 months, causing revenue loss of 37 per cent, which illustrates the increasing threats. While six out of 10 Indian organisations consider themselves “innovators” in the area of mobility, organisations faced 50 malware infections, 31 breaches through lost/stolen devices and 34 exposures of information over the past year. In fact, 86 per cent had to change policies as a result of mobility incidents, with 1 in 4 banning personal data on corporate devices and 4 in 10 restricting mobile device usages through HR enforcement. Against this backdrop, CISOs are embarking on the new task of tackling this trend by way of understanding the risks, bringing in appropriate policies and tools and best practices to ensure that the trend is leveraged positively.

Ashish Thapar, Head - Global Consulting & Integration Services, Verizon Solutions, advocates that CISOs have a very clear policy to identify the device as baseline security gets critical.

Rendezvous with Risks in BYOD

Satish Dash, Chief Security Officer, Cognizant, sees the risks of non-compliance with organisational and client security requirements, an increase in vulnerabilities, and data leakage and privacy concerns.

According to Jagdish Mahapatra, MD, India & SAARC, McAfee, BYOD is rooted in the fact that the mobility of these devices introduces security management issues around access control, data protection and compliance. Additionally, employee-owned devices used for work introduce added IT complexity as it isn’t always clear who owns the device, and furthermore, who owns what data on the device. “With the introduction of these new, unsecured and possibly non-compliant devices easily coming in and leaving with business sensitive information, a security and compliance hole is forcing a re-think of how best to secure the organisation and its business data,” says Mahapatra.

Mahapatra argues CISOs need to look at the BYOD policy from different angles such as Data Loss Prevention, Authentication system, internal intrusion prevention systems, internal firewalls, securing Wi-Fi, DC, Network Admission control etc. On top of all this, the internal IT policy should be detailed and fool-proof to drive the initiative and guide effectively and prevent failure of specific tools. The challenges need to be addressed at a holistic level.

However, the key risks that Sunil Varkey, Chief Information Security Officer, Wipro Technologies, finds are security governance around data loss and data leakage, along with software licensing compliance, segregation of data, etc.

“Intended or ignorant leakage of corporate sensitive data from BYOD device remains the key challenge for any CISO,” says Varkey.

It is also observed that security risks vary with each enterprise’s focus area. For instance, Amit Pradhan, Chief Information Security Officer, Cipla, finds three key risks associated with the BYOD trend.

a. Data transfer from corporate environment to personal environment

b. Data loss with employees leaving the organisation

c. Unauthorised access to corporate data by an unauthorised user of the device (friend, colleague, etc.)

The accompanying challenges are, as Pradhan observed: “I believe the major challenge a CISO faces today is managing the cost for managing security on personal devices used in the BYOD culture. With a variety of operating systems like Android, iOS, Blackberry, Windows, etc., significant investment goes into buying security solutions to control corporate data on these devices. Additionally, with uncertainty of when these devices connect to the corporate network, a CISO faces the challenges of ensuring that these are patched properly and reviewed,” he adds.

CISOs are working out a strategic plan to solve the BYOD risk puzzle using best practices

13 SEPTEMBER 2013

“A challenging but important task for companies who utilise BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees,” says Govind Rammurthy, MD & CEO, eScan.

Bring your own device (BYOD) to work may make employees happy but it often translates into the IT department handling the headache of safeguarding sensitive data, supporting multiple devices and making things click together. Personal devices such as the tablet, smartphone, laptop, etc. are generally harder to secure than organisation-issued devices, as using these devices can put the organisation’s information and systems at a high risk of compromise. In most organisations, BYOD cannot be used as it is not secured easily and effectively.

Also, as mobile devices undergo rapid transformation and new devices flood the market at regular intervals, CIOs will have to keep pace with changes in devices and their adoption, constantly changing and managing the permitted list of devices and security policies around them to better answer BYOD. In many enterprises today, mobile devices have become the weakest link in the security strategy.

Need to Counter: What are the Best Tools and Practices?

As the security landscape gets more complex than ever before, CIOs need to leverage sufficient security solutions to safeguard the information at each and every level.

Atul Khatavkar, VP, IT Governance, Risk and Compliance, AGC Networks, strongly recommends best practices around enterprise Policy/Guidelines/Handbooks that clearly address the BYOD issues raised above: endpoint security tools, data privacy management tools and BYOD management tools.

Khatavkar further points out that the stronger adoption of BYOD is now leading towards BYOD for social networking on the go. Therefore, it is important to set clear guidelines on defamation, data protection and privacy. Additionally, encouraging direct forms of communication will help in restricting access to data loss. There is a strong need to educate the staff on organisational IT policies.

It is also important to keep data back-up strategies in place while being compliant with security certifications such as ISO 27001, SSAE 16, SAS 70, SOC 2, ISO 22301, etc.

“While mobile computing is being promoted to be able to have real time data and information, organisations must ensure that devices are hardened and updated to handle malware,” says Khatavkar. In parallel, an organisation can implement policies like allowing different kinds of employees to access varying levels of information from their device, risk-based user profiling, limited extent of information accessible to users, developing security awareness for BYOD users, and encouraging employees to report violation or loss immediately, so that organisations can take appropriate action to build a robust environment.

Das recommends having a well-defined BYOD policy with compulsory device enrolment in place, security awareness of end users, ensuring malware protection is enabled on all devices, and ensuring mobile device management (MDM) tools which are standardised across devices, along with device-level encryption.

Sunil Varkey points out that a combination of MDM solutions with proper containerisation, a mature process for defining, monitoring and controlling what data and applications can be accessed by BYOD, and strong user awareness of the criticality of any data loss or leakage is the ideal solution. “BYOD adoption should be in a phased manner related to application, user base and data moving to BYOD and a strong policy should be defined and published so that expectations from BYOD will be clear to all constituents,” says Varkey.

Ghosh has suggested five key areas that every company should consider as they establish their mobile strategies to ensure high productivity without increasing their vulnerability:

Ensure secure access to apps: This means maintaining a strong focus on identity management. Organisations must focus on developing strong password policies for their employees’ mobile device use.

Protect your apps and data: With many organisations considering providing mobile access to enterprise content, it places a lot of sensitive data on mobile devices. Direct control of specific, critical apps and data (as opposed to device-based control) is a very effective approach to apply the desired layers of protection exactly where they are needed, without touching the remainder of the device.

Put in place effective device management: Devices that access business assets and connect to company networks must be managed and secured according to applicable company policies and industry regulations. Every company should establish appropriate mobile policies, and those should be applied to all managed devices, just as policies and configurations are applied to corporate PCs and laptops. Solutions towards this include mobile device management applications, such as remote locking and wiping of stolen or lost devices.

Implement comprehensive threat protection: The fact is that mobile devices are rapidly becoming the new preferred target for bad guys. Different platforms have different risk profiles, and it is important to understand where vulnerabilities exist and to take appropriate action to secure business assets. Good threat protection should protect from external attacks, rogue apps, unsafe browsing, theft, and even poor battery use.

Supply secure file sharing: Although access, storage, and sharing of files are not uniquely mobile challenges, multiple device ownership and the need to collaborate make the cloud a driver for productivity, allowing for simple distribution and synchronising of information across devices. Businesses should have full administrative control over distribution of, and access to, business documents on any network, especially in the cloud.


Copyright © 2009-10 Nine Dot Nine Mediaworx Pvt. Ltd. All Rights Reserved


e) Employee education: Educating employees about the importance of setting stronger passwords, using reliable security software for their devices and keeping the software updated is a must. Put in place processes that would authenticate employees and their respective devices. This would prevent multiple devices from being used by unauthorised people.
