Talk Security When You Talk BYOD
The verdict is in — and it is all about security. Recent research from The Economist notes that security is the top concern for mobility and BYOD. Organizations want to embrace BYOD but want control to ensure secure access to the network. Chuck Robbins, Cisco Senior Vice President, wrote a blog entry that underscores what we hear almost daily in conversations with our customers and partners. The organizations we speak to have mobility policies that range from no personal devices allowed at all (which is really not BYOD), to policies that permit all personal devices with restricted access, and still others that allow all devices with differentiated access based on the device type, user, and posture.
Some common differentiation access use cases may include:
- Allow my sales force to access the proposal portal remotely from their iPads but do not allow them access to the finance database.
- Do not allow any jail broken device, whether personal or corporate-owned, because there is a high probability it has been infected with malware. A device is considered jail broken when the user gains root access to the operating system, allowing applications or extensions to be downloaded that are not available in the Apple Application store, which increases the risk of malware infection.
- Automatically check to see if the device has pin-lock and disk encryption (basic device security), grant the device the appropriate access. If not, it will be diverted with the non-compliance explanation.
Another interesting observation is many of our higher education customers are starting to see eight devices per user versus the three devices noted. Watch out! The next workforce has some real potential to influence the new workplace.
To help organizations get ready for securing BYOD, we have a paper on Readiness Assessments: Vital to Secure Mobility; check it out.
Stay tuned – later this year we look forward to sharing with you some further insight on mobile workers and their perceptions and behaviors regarding security. For example, how many folks download sensitive data on their personal smartphone? Or when an alert or pop-up warning occurs on their personal device what do they do? How many engage in risky behavior? Who is security aware? If you are a mobile device worker it would be great to hear your understanding of the security of your personal device in the new workplace.