In the BYOD discussion, most experts have homed in on the balance between corporate control and employee freedom, as this Zen-like approach to policy creation has been found to maximize both security and engagement. However, one of the fundamental flaws in how this strategy is applied is a relatively short-sighted, tunnel-vision perspective that leads organizations to cover only the devices, or at most the devices and applications.
Financial services firms, health care providers and other organizations that handle relatively sensitive data must remember that BYOD policies cannot cover only the devices, apps and users; they must also include provisions for backend networks and systems. In fact, perimeter defenses and access management for networks in general can help reduce the overall risk of breach regardless of what activities take place through employee-owned devices.
Covering backend systems
InformationWeek recently suggested several ways in which organizations can create more effective and secure BYOD policies, with the emphasis firmly placed on accountability, transparency and general protection. According to the news provider, decision-makers will always need to ensure that their strategies are entirely transparent in the eyes of employees, working to create policies that meet at least some user demands while undertaking virtually no activities of which the staff is unaware.
As a note, it will always be important to strike a certain balance between corporate control and employee freedom, but taking an entirely device- or application-centric approach to this is neither feasible nor the most secure possible strategy. Rather, having protections in place for users and their chosen devices is critical, but backend systems must also be consistently defended, with controls adjusted in light of BYOD.
The source affirmed that device protection should be a high priority, while corporate monitoring capabilities and protocols should always be enhanced when BYOD comes into play. After all, one of the most common causes of data breach remains employee error, and completely eliminating the chance of this type of issue is, for practical purposes, impossible, infeasible and inefficient.
InformationWeek stated that continuous monitoring and control of IT frameworks will help to reduce the sting of a data breach should one occur through a mobile device or app, and that response to the initial attack will be far quicker. Remember, the most damaging breaches are those that continue for months without being noticed, and the only true way to ensure this does not happen is to protect backend systems and data along with devices and apps in BYOD environments.
The network controls of the future
Identity and access management has become more complex in recent years simply because of the explosion of new endpoints, the diversity of operating systems and apps, the implementation of new technologies and, of course, BYOD. Organizations that are using antiquated network access controls and credential systems will likely face a higher level of risk than those that have modernized their security management frameworks.
With multi-factor authentication, identities can be anchored to a device rather than a traditional login credential, ensuring a better user experience while reducing the risk of breach.