As the bring-your-own-device (BYOD) trend intensifies, security will become a growing concern for organisations. Considering that last year over 60 million tablets and 472 million smartphones were sold, according to Gartner, it is inevitable that these devices will increasingly appear in the hands of employees in your business. Naturally, they will increasingly expect to connect these devices to your network and use them to access corporate data.
So how do you secure these devices to ensure your data – and network – remain protected?
Identity and access management will be crucial to secure devices, data and networks in the age of BYOD, research firm Gartner explained at the recent 2012 Gartner Security and Risk Management Summit in Sydney.
Essentially, Gartner proposes a three-tiered approach – secure the device, secure the data and protect the network.
Secure the device
BYOD is not only about technology; it is also about various policies.
The best option to secure devices is to implement a mobile device policy, which forms part of a mobile device management (MDM) tool.
The policy can include various rules that need to be adhered to before a device is allowed to access the corporate network. The number one rule here should be that no device will be “jailbroken”. The policy also needs to include clauses such as an assurance that the device’s OS will be kept up to date, for encryption purposes. Keeping the device up to date means the user stays ahead of potential security threats that target older, outdated OSs, which can easily be compromised.
It is also good practice that the supervisor and the employee sign the BYOD policy together. This helps ensure the policy becomes a mutual agreement between the employee and the business where both parties buy in to the arrangement, rather than a set of rules needing strict enforcement.
It also means employees will better understand the policy, and it reduces the risk of people breaching the policy out of ignorance of the rules.
Secure the data
Once the device is secured, look at protecting the data it contains. One option here is to deploy virtual desktop infrastructure (VDI) based on traditional thin clients, such as Citrix Receiver. This will give users access to the information and systems they need to work from anywhere and on any device in a secure virtual environment – without ever storing any crucial data on the actual device.
A content-aware data loss prevention (DLP) solution or strategy offers another layer of protection. Gartner predicts that by 2014 more than 50 percent of organisations will use some form of content-aware DLP capability, but only 30 percent of them will have a comprehensive enterprise content-aware DLP solution or strategy.
Again, the technology is an important part, but technology alone won’t make it successful. Once more, what is needed is a strategy with policies that recognise the significant requirements of both employees and the organisation. This will have to be clearly communicated across the business.
Protect the network
This remains the same as what you do today – once you have a mobile device management (MDM) tool in place, devices can be managed through your current network access control systems. A full network access control (NAC) implementation would support detecting when a device connects to a business system or application, as well as determining the trustworthiness of the device and then controlling access depending on the device, the user and the trust level.
In the near future companies will also create limited-access network zones for BYOD devices to allow a productive work environment while at the same time protecting vital company data. This will need to be achieved with single sign-on.
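The access decision described above, where the device's trustworthiness and the user's identity together determine the network zone, can be sketched as follows. This is an added example, not code from Gartner or any MDM or NAC product; the zone names, the "staff" group, the OS baselines and the choice to send out-of-date devices to the limited zone rather than deny them are all assumptions.

```python
from dataclasses import dataclass

# Constructed baseline (assumption): minimum OS version accepted per platform.
MIN_OS = {"ios": (5, 1), "android": (4, 0)}

@dataclass
class Device:
    platform: str
    os_version: tuple      # e.g. (5, 1, 1), as reported by the MDM tool
    jailbroken: bool
    mdm_enrolled: bool

def trust_level(dev):
    """Return (level, reasons): 'trusted', 'limited' or 'untrusted'."""
    reasons = []
    if dev.jailbroken:
        reasons.append("device is jailbroken")
    if not dev.mdm_enrolled:
        reasons.append("not enrolled in MDM")
    if reasons:                      # hard failures: no network access
        return "untrusted", reasons
    baseline = MIN_OS.get(dev.platform)
    if baseline is None:
        reasons.append("platform has no approved baseline")
    elif dev.os_version < baseline:
        reasons.append("OS below approved baseline")
    return ("limited" if reasons else "trusted"), reasons

def assign_zone(dev, user_groups):
    """Combine device trust and user identity into a zone decision."""
    level, reasons = trust_level(dev)
    if level == "untrusted":
        return "deny", reasons
    if level == "limited":
        return "byod-limited", reasons
    if "staff" not in user_groups:   # hypothetical directory group name
        return "byod-limited", ["user not in staff group"]
    return "corporate", reasons

if __name__ == "__main__":
    # Constructed sample devices, not real inventory data.
    fleet = [
        (Device("ios", (5, 1, 1), False, True), {"staff"}),
        (Device("android", (2, 3), False, True), {"staff"}),
        (Device("ios", (5, 1), True, True), {"staff"}),
    ]
    for dev, groups in fleet:
        print(dev.platform, dev.os_version, assign_zone(dev, groups))
```

Returning the reasons alongside the zone lets the help desk tell a user exactly which policy rule kept the device out of the corporate zone.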
Currently, there’s a difference between mobile and traditional IT security, but identity management is becoming the new priority.
In time, access to the network will be managed by tapping into users’ social networking identities associated with their devices. Gartner predicts social identities will be incorporated into corporate security, with network administrators using mobile authentication to establish who you are through device identification and location-aware tools.
In fact, it expects that by 2014, 85 percent of organisations will have single sign-on for SaaS, which means devices and connections will need to be highly secure to support this.
Admittedly, the rise of BYOD does present some challenges and headaches for IT departments. However, embracing this trend and leading the development and implementation of systems and policies to harness BYOD presents a golden opportunity for IT administrators to once more demonstrate their value to the business.
Gerhard Nagele is business manager for IAAS and security at Gen-i. Before this, he was GM service delivery and projects at commercial kitchen supplier Burns & Ferrall for nearly six years.