More and more workers in Sri Lanka have started to bring their personal mobile devices to the office daily. This behaviour is called “Bring Your Own Device” (BYOD) and by no means that’s the end; it’s just an early symptom of the wider mobility trend infiltrating the corporate world. Mobile devices being used within organizations [...]

The Sundaytimes Sri Lanka

Information security watch – BYOD; more technology, more risk

View(s):

More and more workers in Sri Lanka have started to bring their personal mobile devices to the office daily. This behaviour is called “Bring Your Own Device” (BYOD) and by no means that’s the end; it’s just an early symptom of the wider mobility trend infiltrating the corporate world. Mobile devices being used within organizations are changing how workers do their jobs, where they’re doing their jobs, and how organizations prioritize workspaces. BYOD is an option when the organization’s desire is to reduce operating and end-user support costs, while lowering IT inventory costs. The desire to improve the end-user experience as well as the business

Sujith Christy

requirement of supporting a mobile workforce have become the key business drivers of BYOD while this has also enabled people to enter the cloud and develop various business applications.

For a long time, IT departments have had an iron grip on the endpoints to their networks and they could secure and provision a fixed device that was procured by the organization. The increasing number of mobile devices means that organizations will have to deal with a variety of personal devices connecting to the enterprise and sensitive or confidential data can reside in the mobile devices. The obvious concern around security risk is considerably higher and it will be increasingly difficult for any organization anywhere in the world to ignore BYOD due to the consumerisation of IT.

Even the human resource managers have to think about mobility when recruiting and retaining staff. Organizations are playing catch-up to where their users are and appear to be having trouble keeping up with this trend. This often brings on fear from the unknown while it provides organizations with enormous opportunity, such as cost-saving benefits. Many organizations acknowledge that they either don’t have a policy that specifies how employees may use their own devices in the workplace or are just planning to write such a policy.

Mobile device management and secure containerization or sandboxing is also being considered as part of the BYOD deployment. Some organization have imposed highly restrictive policies on their workers by either requiring personal devices to be approved by the company before being allowed to access the firm’s networks or completely banning personal devices connecting to the network.
While it may be necessary to restrict BYOD in some industries dealing with highly sensitive data, it isn’t necessary for most rank-and-file office workers.

The BYOD policies should be applied equally to everyone while exceptions should be made with a lot of caution for executives and privileged users. All access to the network and data should be logged and reviewed. Triggers should be set for any policy violations. A BYOD deployment should be supported by a governance framework and should include a process to minimize the impact arising out of a security incident. It is equally important to train employees to understand BYOD risks regularly.

Make sure your security team is engaged in the BYOD project and they are there as a partner helping to enable security. This will ensure that organizations see real benefits from a BYOD program.

(The writer is a Governance, Risk and Compliance professional. He can be emailed at sujit@layers-7.com).

Share This Post

DeliciousDiggGoogleStumbleuponRedditTechnoratiYahooBloggerMyspace
comments powered by Disqus

Advertising Rates

Please contact the advertising office on 011 - 2479521 for the advertising rates.