Lessons learned from new BYOD security research
August 25, 2014

Enterprise mobility security issues remain as some of the most significant threats facing the public and private sectors today, especially as so many breaches have been traced back to poorly managed BYOD strategies. There is no denying that the challenges contained within the mobility trend are significant and vast, but it has not seemed to rattle decision-makers enough for them to make more proactive adjustments to their security plans. 

BYOD essentially means that employees will be using personal smartphones, tablets and portable computers for work functions, while data owned and managed by enterprises will be making its way onto these devices. This only tells half the story, as applications will likewise impact the ebb and flow of data, further expanding upon the places it can be at any given time and complicating matters for those tasked with monitoring its movement. 

Many companies continue to use traditional approaches to data and network security, such as password and credential systems that have been around for the past two decades, despite the fact that these strategies have proven to be largely irrelevant at this stage in the game. With threats proliferating more rapidly than ever before and a majority of organizations allowing employees to use personal devices, the time is now to get moving on more effective identity and access management plans. 

Largely unprepared
One of the more common critiques of corporate security strategies is that they lack intelligence due to poor preparation before an event strikes. A recent study conducted by LinkedIn and sponsored by network monitoring firm Vectra revealed that many companies have tried to run before they can walk, allowing employees to access sensitive data through their personal devices without having proper access controls in place.

According to the second-annual BYOD and Mobility Security Study, which gathered responses from a 200,000-large information security professional community, just over one-fifth of the respondents stated that they have a formal set of guidelines and controls in place to manage these processes. However, nearly one-quarter have virtually no policy in place that directly governs mobile activities among their employees.

This is disheartening to say the least, as the lack of a policy all but ensures that the company will simply be crossing its fingers in hopes of not being victimized by a breach. What's more, it appears as though a majority of enterprises have yet to begin using mobile device management solutions, which are recommended for monitoring and general oversight purposes, not to mention support for stronger productivity.

Finally, the authors of the study noted that 67 percent of the respondents stated their firms are still using traditional passwords to control access and manage identities with respect to the devices. 

"Loss of company or client data, followed by unauthorized access to company data and systems are well publicized as security threats around BYOD, and they were respondents' biggest security concerns in our 2014 study," Holger Schulze, the LinkedIn community's founder, explained. "But it is very interesting that the study revealed that respondents' next biggest security concerns were users bringing downloaded apps or content with embedded security exploits into their organization (47 percent), followed by malware infections (45 percent)."

Time for stronger protections
As many business leaders already know, the trick to getting the most out of BYOD without hindering the prospect of productivity improvements is to strike a balance between security and user experience. Dynamic authentication solutions that anchor an identity to a given device or set of devices will not only improve security when it comes to information governance and access management, but will also streamline the employee experience for better outcomes.