To BYOD or Not?

By Georgina Enzer. Published April 5, 2012

The world has fallen in love with devices such as the tablet and smartphone. Those who don’t have one want one and those who have them want to use them all the time, creating a massive headache for enterprise IT departments.

Gartner has predicted that big data and BYOD challenges will be the biggest considerations for enterprises in 2012, and Cisco has said that by 2015 the number of devices connected to IP networks will be twice as high as the global population.

So how are enterprises meant to keep up with this influx of largely unsecured devices connecting to their networks?

Well, at the moment it seems there are two roads being taken. The first, used by some of the government organisations in the UAE, is to ban personal devices altogether and issue top-level and mid-management with company devices to ensure the network remains secure.

In other enterprises, however, workers can seemingly log in with their own devices with very little hassle and few security checks.

Obviously the second road is going to lead to data loss, security breaches and, at worst, malicious viruses and malware that will take down the corporate network.

Gartner has put together a list of must-dos for enterprises before they consider allowing workers to sign on with their own device.

These include carrying out full due diligence to ascertain the readiness and need for a BYOD policy in the enterprise, and assessing the readiness of the IT department.

Security is a major issue, which can partially be mitigated by ensuring that devices that connect to the network have been properly security checked.

According to the SANS Institute, regular personal device security audits should be performed, to help to ensure the confidentiality, integrity, and availability of device and network assets, by verifying policy compliance, discovering weak or non-existent security controls, and detecting security events.

Before allowing devices onto the network, an organisation should conduct a personal device vulnerability assessment to identify known vulnerabilities and existing and potential risks.

With the massive proliferation of apps, organisations face another roadblock. Many app users download apps from insecure sources; enterprises must now ensure that apps used for business, and the types of data they are able to access or generate, are appropriate and properly tested.

Gartner suggests companies should go as far as developing apps in-house and building an organisation app store. This way, apps could be thoroughly tested and secured against malware infection or attack.

One of the cornerstones of successfully introducing BYOD into an enterprise is making employees aware of the risks devices can pose to network security; the corporation must write and enforce a clear and concise handheld device security policy.

But human nature proves the downfall of the best-laid plans.

How many of you can actually say you have sat down and read your company’s policies regarding device access from cover to cover?

So, what is the solution? Allow devices onto parts of the network, allow only certain levels of staff to access the network, or just ban everyone from using their own devices at work?
