Jonathan Andresen, Senior Director - Products & Strategy, Asia-Pacific, MobileIron
The business mobility phenomenon of Bring- Your-Own-Device (BYOD) is clearly upon us. Gartner predicts that by the end of 2017 more than half of all companies will no longer be providing mobile devices for their employees to work on, but instead will be mandating that they bring their own device to work.
For most companies and individuals, this is a win-win situation. The Enterprise IT department can save limited operational and CAPEX costs by no longer providing and supporting mobile phones and tablets. Employees can achieve greater productivity by using their own preferred devices like OS platforms and apps, while accessing both their work and personal content at any given time.
Most companies are now focusing on creating new infrastructure for development and support for mobile business apps, whether internally or externally with partners and customers. Business emails, calendaring contacts, and Personal Information Management (PIM) sums up to the daily inclusion for any workplace in the world.
Yet, the concept of BYOD or even CYOD (Choose-Your- Own-Device) is somewhat misinterpreted. The point is that no matter where the device belongs to, users will anyway access both personal and work information. Give an employee a smartphone and they’ll install their favorite apps, but let them buy their own device and they will both work and relax as they will get exposure to both personal and official data. The privilege of accessing multiple servers at the same time with exposure to critical and confidential business data makes it a very important factor to make sure that work and personal data are clearly separated and secured independently of each other.
A False Sense of Security
The rise of mobile payment gateways and use of devices with point of sale systems (POS) is yet another example of an emerging threat.
The rise of mobile payment gateways and use of devices with point of sale systems (POS) is yet another example of an emerging threat
For example, in Singapore, the use of POS in retail stores has ramped along with mobile phone payment systems like Apple Pay, Samsung Pay, and Android Pay. More than four million Visa payWave transactions are now made on a monthly basis across Singapore.
One of the largest credit card breaches in recent times was a major retail chain in the United States, where 40 million debit and credit card numbers were stolen. The root cause of the breach was malware infestation of its POS systems at most of the retail stores. So, while this mobile trend presents a significant opportunity, it also poses important questions about risk, especially if it involves the loss or leak of critical business information.
What can be done to secure BYOD? Security Recommendations
Our recent security hygiene update found that almost half (45 percent) of companies did not enforce policies on mobile devices, and nearly 30 percent had outdated policies, that resulted in 11 percent of companies having compromised on security due to devices accessing corporate data. Here are some simple steps that companies can take to quickly mitigate, if not eliminate, security risks.
Educate Employees on Risky Behaviors
It is important for companies to realise that savvy users often ‘root’ or ‘jail-breavk’ their devices to gain additional perceived benefits. A key approach that organisations can take here is to educate employees on the risks and encourage appropriate practices.
Consistently Check and Update User Devices
Another useful device policy is to regularly check and verify the security status of the device and apps to ensure that no modifications have been made. In tandem with this, it is also equally important to regularly update operating systems to help maintain security against ongoing threats. This can be done through an automated system which detects system changes and enforces required updates to safeguard against future mobile attacks.
Restricted Access from Compromised Devices
Finally, companies should automatically mediate compromised mobile devices using backend systems that take action and block access to all enterprise resources until remediation takes place.
While not exhaustive, by ensuring that infrastructure and policies align with these recommendations, companies will have gone a long way towards realising the huge benefits of mobility and BYOD.
Headquartered in Mountain View, U.S., and founded in 2007, MobileIron (NASDAQ: MOBL) specialises in solutions for mobile device management (MDM) and enterprise mobility management (EMM). The firm also has a strong Asia-Pacific presence with offices in Australia, China, Singapore, Japan, Hong Kong, Macau, Taiwan, and India.