InfoWatch and Sophos talk BYOD security

BYOD is one of the biggest challenges facing the modern enterprise; experts look at the biggest threats and how to stop them.

By Georgina Enzer. Published April 19, 2013

What are the biggest threats BYOD brings to the enterprise?

Alexander Zarovsky, international business chief, InfoWatch
We see the BYOD trend presenting three main challenges to businesses. The first involves the loss of mobile devices. According to the InfoWatch Global Data Leakage Report, H1 2012, 18.2% of all data leakage incidents in companies occur because of loss or theft of various mobile devices containing sensitive corporate data. Often staff fail to use the necessary security tools, such as encryption, on their mobile devices and ‘misplace’ their gadgets in public places. The second challenge is the vague limit between personal and corporate data on private mobile devices of employees. This data should be used and stored separately on a private device, thus companies require special policies for BYOD regarding personal and corporate data processing. The last difficulty is intellectual property protection. Employees often regard the results of their intellectual work as their private property, whereas, as a matter of fact, it is usually the company’s property.

Barbara Hudson, Sophos product marketing manager
Personally-owned devices bring consumer and other untested applications into the enterprise, which in turn can affect the enterprise network bandwidth and security. Android devices in particular have been seen to be a common target for cyber criminals who infect applications with malicious code designed to steal data and cause costs. As the user is always the administrator of the device, it can be very hard to forbid applications or delete them, as it is, after all, a personal device. Users often remove passcodes and screen-locks from their various mobile devices, which is a risk if a device is lost or stolen.

What is the best way to protect the enterprise network from BYOD threats?

Alexander Zarovsky, international business chief, InfoWatch
In order to protect corporate data on a device which is lost or stolen, the IT team should use encryption and Mobile Device Management (MDM) solutions. The latter allows remotely controlling data on mobile devices, including remote data removal if the gadget is lost or stolen. To secure private and corporate data the most appropriate technology is Data Leakage Prevention (DLP), which provides for scenarios of using the mobile gadgets as data storages and data exchange devices (e-mail, Skype services, etc.). If staff are allowed to use private devices in the corporate network, it would be reasonable to install monitoring agents on each device and control traffic from these devices on the corporate gateway. Security policies must include dividing private correspondence from corporate, access restrictions of private devices to corporate resources and using encryption.

Barbara Hudson, Sophos product marketing manager
The first step would be to introduce a Mobile Device Management (MDM) solution to manage and control which devices have access to the enterprise network. This should allow the enforcement of security policies and ensure devices which are not compliant no longer have access to the network. The solution should also offer the possibility to deploy a security solution to protect Android mobile devices from malicious applications and other threats and ensure the protection remains installed on the device. A further step would be to prioritise WiFi bandwidth for business applications. And the third would be the ongoing process of educating users.

Should companies restrict BYOD to protect their network?

Alexander Zarovsky, international business chief, InfoWatch
The practice of allowing corporate access to personal devices in the Middle East region is among the highest in the world. However, the majority of employees expect their companies to grant them corporate mobile gadgets for executing their duties. If the company requires its employees to be available 24 hours per day, seven days a week, it should invest in providing him or her with a corporate device. If there is no such business need, there is then little sense in either providing a corporate gadget or allowing him or her to use their own device in the network.

Barbara Hudson, Sophos product marketing manager
It is often a good idea to introduce BYOD in stages rather than throughout the whole company from the outset. BYOD is a learning process which is individual to every organisation. Businesses can look at user segmentation to see who needs how much access and what controls are necessary. Many companies also restrict the number of platforms they allow. Mobile Device Management to support BYOD doesn’t have to be complex, and if IT resources or expertise are limited, then it may be better to look at a hosted SaaS solution, or purchase from a Managed Service Provider to bridge the gap.
