BYOD 'requires' data centre security upgrades
Condo Protego warns of vulnerabilities as more regional companies adopt BYOD
Organisations in the Middle East are at increased risk of falling victim to external threats if they do not upgrade their data centre security in line with the growing use of bring-your-own-device (BYOD) in the region, according to Dubai-based data storage and security firm Condo Protego.
According to a report from MicroMarket, the Middle East and Africa (MEA) BYOD market is expected to grow from $11.1bn in 2013 to $30.03bn by 2019. Much of this growth is being driven by an increasingly tech-savvy workforce - half of which, according to Gartner, will supply their own devices by 2017.
However, Condo Protego warned that, while BYOD can boost productivity and save organisations money on procurement, security dangers increase as a result of it. The firm said that BYOD often allows employees to bypass IT admin rules, while lost devices can expose confidential data outside the company.
"While BYOD can lead to happier, more productive employees able to work flexibly on devices they are comfortable with, organisations need to recognise it also presents security risks - from the spreading of malware to security policies being bypassed and confidential data exposed,'' said Savitha Bhaskar, Condo Protego's general manager.
"CIOs and IT managers are under increasing pressure to protect their networks - while operating on ever-tighter budgets - and consequently there is a clear need for much greater awareness about the dangers posed by BYOD."
Bhaskar said that a major security threat posed by the BYOD trend comes from when personal devices access business servers and bypass network policies that would traditionally apply to business-owned devices. She said that this could result in the spreading of malware and vulnerabilities, or else data leakage or endpoint security issues.
Employee-owned devices may also carry confidential and proprietary information, meaning a lost device could mean unknown exposure, Bhaskar said. She cited a Cisco Middle East ICT Security Study, which revealed that 65% of employees don't understand the security risks of using personal devices in the workplace.
When forming a BYOD strategy for their business, then, Bhaskar said that companies need to take a number of considerations into account. First is to get a baseline of what the environment looks like by using tools that monitor the network and provide an inventory of what is connected to it, she said.
Following this, they can then define which devices are permitted to connect to the network and secure sensitive business applications and data, and decide whether or not personal devices can access this content, she explained. Bhaskar said that enforcement tools, such as mobile device management (MDM) software, are critical to address security and compliance concerns.
"Employee training is also crucial," she added. "Companies should educate employees about how to appropriately use their own device in the work place, and what risky behaviours to avoid."