Home' Trinidad and Tobago Guardian : January 29th 2015 Contents The bring-your-own-device
(BYOD) phenomenon continues
to make inroads into the modern
enterprise. According to Security
Intelligence, more than 60 per
cent of corporations now allow
or tolerate employee mobile
device use in the workplace. But
companies still have significant security concerns,
especially when it comes granting access to sensitive
corporate systems and data.
The fuel for BYOD is a growing drive for IT self-
sufficiency among company employees who already
own and use personal laptops, tablets and smartphones.
As many IT departments struggle to keep up with
the maddening pace of technology changes, company
employees increasingly want to use their own devices
to access corporate data.
Enterprise BYOD adoption rates vary by globally,
but by analyst estimates, have reached 40 per cent
to 75 per cent---driven largely by consumer smart-
phones and tablets. User-owned devices are often
newer, more advanced and more configurable than
the equipment deployed by corporate IT. From light-
weight ultrabooks to iPads and large-screened smart-
phones, these devices are changing the way that
people want to work. They also hold the promise of
increased employee productivity and reduced IT spend.
But BYOD comes at a price. If not fully regulated,
user-owned devices can threaten IT security, and put
sensitive business systems and data at risk.
Simply banning BYODs from the workplace is sel-
dom practical. According to Black Diamond, Wash-
ington-based market research firm Osterman Research,
there are now nearly twice as many personally owned
iPhones, iPads and Android devices today than their
Many IT managers have already discovered the dis-
concerting security implications: greater difficulty
determining which devices are accessing which systems
and data and less control than ever over corporate
data access from a growing number of consumer
"Prohibiting BYOD just pushes user owned devices
underground where you lose sight of them and their
impact on corporate systems. We'd rather see all
devices and deal forensically with risks, than try to
block them outright," said Kevin Khelawan, chief
operating officer at Trinidad-based Teleios Systems,
a software development firm.
"If you're too permissive with BYOD, you're open
to data security risks. So we need to be smarter about
how we use them."
Done right, however, there are some key advantages
to operating a BYOD strategy, including cost savings
(reduced hardware spend, device maintenance and
software licensing); employee productivity gains (work-
ers can work more flexibly, are more comfortable and
often work faster with their own technology); and,
consequently increased employee satisfaction.
With these benefits in mind, here are 5 tips to boost
your organisation's BYOD security.
Crystal-clear use policies
Clearly define your BYOD policy. Use uncomplicated
language to make it clear where responsibilities lie
and what kind of consequences will result from misuse.
For example, clarify who is responsible for device
maintenance, make end-users responsible for backing
up their data, and explicitly state what actions (such
as installing an unapproved app) will negate BYOD
When it comes to managing BYOD resources, enter-
prises often encounter the problem of sprawl: Too
many devices spread out across local and satellite
offices, homes and even vehicles make broad policy
enforcement seem difficult, if not impossible. Secure,
cloud-based services offer a way to manage this risk
without the need to define separate protocols for each
physical instance. So long as BYOD devices all connect
to the same corporate cloud, the same network restric-
tions can be enforced regardless of location; employees
at their desks, those working from home and even
on the road all fall under the same security umbrel-
Authentication is a critical factor in BYOD security,
and offers two ways for enterprises to limit their threat
exposure. Two-factor authentication should be required
for any kind of corporate network access: In its most
basic form, this means the use of a one-time code
in addition to login/password information. For
enhanced safety, require a token or other physical
access element. In addition, tightly curate mobile
access: If an employee is not directly involved in a
department, project or process, sensitive data should
be made off-limits.
Use of biometrics security takes authentication to
another level. With illegitimate mobile access becoming
the biggest threat to network-centric security, a
primary challenge is hardening access to the server
by identifying and authenticating the end-point access.
By enabling multi-factor authentication, biometrics
allows both security and privacy on the network.
Defined e-mail parameters
Email remains the single most requested point of
access for BYOD workers. At the same time, it poses
significant risks to organisations if compromised or
misused. To combat this problem, enterprises can set
policies to limit file attachment sizes and the length
of time emails are accessible. Such steps can better
alert IT and prevent malicious actors from gaining
access to large data volumes from mobile devices.
There's no doubt that "bring your own device"
movement will continue to advance, driven by employ-
ee demands to use the devices, applications, and cloud
services they prefer. Yet, with the right BYOD policy,
the security risks and the complexity of managing
the myriad of personal devices in the workplace need
not outweigh the benefits.
Make sure your organisation is taking the steps
necessary to mitigate the risks and enjoy the bene-
Bevil Wooding is the chief knowledge office at Congress
WBN (C-WBN) an international non-profit organisation and
executive director at BrightPath Foundation, responsible for
C-WBN's technology education and outreach initiatives. Follow
on Twitter: @bevilwooding
JANUARY 2015 • WEEK FIVE www.guardian.co.tt BUSINESS GUARDIAN
COMMENTARY | BG17
NCB Global Finance Limited
Trinidad and Tobago
MANAGER - CORPORATE AND
QUALIFICATIONS AND EXPERIENCE
QUALIFICATIONS AND EXPERIENCE
Bring your own
5 tips to boost your organisation's BYOD security
Links Archive January 28th 2015 January 30th 2015 Navigation Previous Page Next Page