Your enterprise BYOD is not secure yet

  • Enterprise IT and Security need to take control of the BYOD population and policies.
  • Consumer apps can track and access enterprise activities.


The types of devices used by enterprise staff are inconsistent, to say the least. At first, many companies tried to avoid letting employees use their choice of cell phones, tablets, laptops, and other gadgets, but in the end a number have chosen to allow it.

The diversity of hardware, operating systems, and applications that results from bring-your-own-device (BYOD) policies opens up a number of potential security issues. Enterprise IT and Security need to take control of the BYOD population by recognizing and dealing with these four areas:

1. Intermingled personal and company data

Employees want to use their own device to manage both their personal communications and business activities. Each staff member may have multiple devices that access the same accounts, and each device type presents its own set of security issues.

As employees access company applications one moment and personal social media accounts the next, information can leak across a very porous dividing line between the two environments. The fact that many social media apps track user activity even after the user has closed the app means some company activities may be tracked and used in unintended ways.

To protect the enterprise, IT should deploy a single enterprise mobility management system.

2. Poorly maintained devices

Enterprise IT can manage the computing resources it purchases and certifies, but there are limits to the level of control it has over BYOD equipment. Many security breaches are executed by exploiting computers and operating systems that have known but unpatched vulnerabilities.

Typical mobile users are not motivated in the same way IT is to perform updates even if they are readily and freely available. This leaves openings for intrusion and data theft. IT should implement verification procedures and let users know it expects them to keep all of their devices updated.

3. Lack of infrastructure compliance

Most enterprise infrastructure is not inherently built to accommodate the variety of BYOD gadgets today’s workforce uses. The proliferation of user-installable apps means IT may not know about every app that has access to various company resources and data.

IT should carry out penetration testing and evaluate what systems have access to what resources. Once an inventory of assets—and access to those assets—is complete, proper and robust protections need to be put in place to provide appropriate granular access based on actual need.

4. Open vulnerabilities

Users feel free to install any app they like on their personal devices, and the fact that their smartphone also houses enterprise data may not deter their activities.

Consumer apps are not subject to the security rules of the enterprise. While the majority do not contain malicious code, there is no guarantee that any particular app is free from viruses or other malware that might find its way to the corporate network and cause problems. The use of BYOD should be conditioned on agreements that allow IT to verify and install antivirus and other types of protections necessary to protect the enterprise.

The risks introduced by BYOD need to be countered by appropriate measures as determined by the security needs of the enterprise. IT needs to understand and have some level of control over the connections and vulnerabilities presented by users’ personal devices.

AT&T offers a portfolio of enterprise mobility management services that can help you secure BYOD for your business.

Scott Koegler, Writer (Sponsored Post)

Scott Koegler is a technology journalist with a specialization in the intersection of business and technology. All opinions are his own. AT&T has sponsored this blog post.