The bring-your-own-device (BYOD) trend brings benefits, but the added security threat is not one of them.
“While businesses can ensure their own devices have proper antivirus and malware protection, they give up some of this control with a bring-your-own-device model,” wrote tech expert Miles Young in a recent CloudTweaks article.
Company-provided laptops, smartphones and tablets can sport proper security measures, but it is trickier for devices outside the company. There’s no control over what apps are installed, and little control over security settings and how sensitive corporate data is used by employees.
“When employees use company-provided devices, in some ways, life is easier for businesses. They know their employees’ computers will be on their desks in the morning, just where they left them at the end of the day before,” noted Young.
The cloud can help with this problem, however.
By using cloud services for business functions, data stays in the cloud instead of moving to the individual devices of users. Workers may access customer data from their own phone, but they are connecting and not carrying the data with them.
Because the data is fundamentally stored online instead of on individual devices, it is easier to secure.
Not that there aren’t still challenges—there’s the security threat that someone can steal a BYOD device and then use it to log into the corporate services in the cloud.
But this threat can be minimized by ensuring proper authentication systems that don’t keep users persistently logged into the cloud system, and by building in ongoing authentication that keeps checking that a user is who he or she says he is. This sort of security is often seen on bank Web sites.
Education also is key for enterprises; they need to make employees aware of the dangers of staying logged into cloud services, and of bringing work data with them on their mobile devices.
Young suggested that organizations need to communicate company policy relating to workplace activities on the business network and keep monitoring measures in place to guarantee workers remain on the “straight and narrow.”
Most employees are only vaguely aware of data security, but this need not be the case.
Especially if there are well understood penalties for carrying company data and then losing it, most employees will quickly adjust behavior and take a more defensive stance when it comes to corporate data on their mobile phone.
Edited by Rory J. Thompson