Companies are going to have to move away from a mobile security stance to a mobile device management approach if they are going to embrace Bring Your Own Device (BYOD) without compromising information security.
Richard Broeke, an IT security expert at Securicom, says BYOD gives rise to a complex set of security risks that cannot be adequately-addressed with disparately-applied mobile device security technologies. When it comes to mobile security and mobile device management, there’s a big difference.
“BYOD is increasingly allowed in today’s business environments. It’s an approach that allows companies to cost-effectively empower people to work-on-the-go using their own devices of choice. However, every personally-owned device throughout an organisation becomes a conduit for business communication and transactions, a store of important company information, and a gateway to the company network.
“Even if employees have some sort of mobile security software running on their devices, it’s not enough. Disparately-installed security technologies aren’t capable of protecting and managing a company’s intellectual property housed on devices. They simply cannot deliver the necessary level of control to manage how data is stored and used on employee devices.
“With increasing regulation around data protection, control over the use of corporate data on employees’ devices is something all companies should be concerned about,” he says.
Mobile security technologies, of the ilk provided by device manufacturers and cellular services providers, are typically designed to protect the device against malware such as viruses. This is relevant given the rising tide of malware. According to Osterman Research, Android-focused malware, which represents the bulk of new malware variants, grew by 680 000 samples during the third quarter of 2013, an increase of one-third from the previous quarter. Add to this the fact that 79% of the top 50 iOS and Android apps “are associated with risky behavior or privacy issues” (Webroot).
But, they aren’t geared towards protecting the data that resides on the phone from unauthorized access or use. With an effective MDM solution, companies enforce basic security requirements, such as virus protection, and also control how, when and by whom sensitive data is transferred and used on mobile devices. Employees not authorized to process or store sensitive information on their personally-owned devices can be prevented from doing so. MDM technologies, while ensuring that device-side security is applied according to company policy, also enable companies to monitor mobile device connections to the network.
“MDM is all about the data. Even in a BYOD scenario, a credible, enterprise-grade MDM solution gives companies the power to configure and provision devices, enforce security software updates, manage access to company resources from mobile devices, set usage policies around what users can do with certain file-types, monitor device compliance and decommission devices, amongst other things.
“And, it is possible to do all of this without impacting employees’ user experience or the personal data they have on their devices. In fact, the best-of-breed XenMobile MDM solution features a compliant secure container and provides app data encryption on the device while separating personal and company information.
“What this means is that companies can effectively and efficiently empower employees to work and connect with their favourite devices, while staying in control over network and data security,” concludes Broeke.