A recent McAfee report on mobility and security highlights that
businesses are now operating in a heterogeneous mobile environment
where BlackBerry is no longer the standard. Traditionally the IT
had to just deal with a homogeneous desktop PC environment. But the
BYOD trend is forcing them to manage mobile devices from multiple
OEMs such as Apple, RIM, Samsung, Nokia, etc. running on disparate
operating systems such as iOS, Android, Windows Mobile, and
Bada.
The survey reports that introduction of these new, unsecured
devices is creating a security hole for the organizations and many
IT and security professionals have recently undergone a wave of
securing corporate infrastructure, largely driven by
compliance.
Device loss and mobile malware: Top BYOD
risks
McAfee report on Mobility and Security highlights that the
greatest security concern for IT professionals and end-users is
losing their mobile devices - four in 10 organizations have had
mobile devices lost or stolen cases and half of lost/stolen devices
contain business critical data. And more than one third of mobile
device losses have had a financial impact on the organization.
Maliciously modified apps are becoming a popular vector for
infecting mobile devices and is posing a major threat in an
enterprise environment, with employees bringing their own devices
which are not only used for corporate data access but is also used
for personal work.
Shantanu Ghosh, VP and
MD, India Product Operations, Symantec highlighting this fact,
says, “In the past year, the malware attacks on mobile
devices have become more frequent and prevalent. The latest
Symantec Internet Security Threat Report XVI documented a 42
percent increase in mobile vulnerabilities, identifying over 163
that could be used to gain partial or complete control over devices
running popular mobile platforms. Some of the methods used in
mobile-specific attacks include web-based and network-based
attacks, malware, social engineering attacks, resource and
service-availability abuse, malicious and unintentional data loss
and attacks on the integrity of the data.”
BYOD forcing overhauling legacy security
policies
To tackle the challenges, a consumerized IT environment brings
with it, CIOs would need to anlayze the existing security policies
with respect to the fresh set of security risks that BYOD brings
in.
On the need to
overhaul the current security strategy within an enterprise, Kevin
LeBlanc, Sr. Director of Product Marketing, McAfee, says,
“Legacy security policies and processes certainly need to be
pulled out and reviewed as the important point to note is that
consumer devices are already accessing data on nearly all networks
and have been doing so for some time.”
To manage the BYOD linked security challenges, CIOs across the
globe are evaluating various technologies ranging from leveraging
their desktop virtualization environment to enable secure access to
the corporate data through employee-owned devices; adopting dual
persona phones that have two logical partitions – one for
professional and other for personal usage with the IT having
complete control over the professional partition; implementing
centralized remote locate, track, lock, wipe, backup and restore
facilities to retrieve and restore corporate data on a lost or
stolen mobile device and more.
Organizations like Wipro, Essar and Citrix have already rolled
out a BYOD policy along with a strong security strategy enabling a
large chunk of its employees to use the devices of their choice in
the enterprise environment but in a highly secure manner.
To know more about these emerging technologies that would
aid enterprises to address the security challenges and to
understand how companies who have already rolled out a BYOD policy
are ensuring security, read the
March Issue of InformationWeek