BYOD Security – A Huge Pain for Companies
Today, the cyberpower in the pockets of private individuals far surpasses that of entire corporations a generation ago. But today’s workers don’t just use that power to check out their friends on Facebook. Naturally, they also use it to access confidential company data.
Network administrators deal with this high-risk factor by either enforcing strict control over all hardware equipment or by setting up software solutions and restrictions. The second option is most coming, allowing employees to use their personal devices in the company’s interest.
The pros and cons of bringing your own devices (BYOD) to work can cause massive headaches to system administrators as it takes elite management systems and security measures to keep all sensitive data away from possibly corrupted devices.
Companies with high tolerance for BYOD often use virtual machines, virtual app integration, web servers, and even virtual desktops so all access to sensitive data can be filtered, monitored and highly secure.
These implementations are not always successful and mid-level companies don’t have the financial resources for this type of infrastructure. We’ve all heard of company data breaches and security vulnerabilities exploited to illegally access sensitive corporate information. In most cases this was the result of a compromised device that managed to sneak into a company’s network through carelessness.
Financial losses caused by poorly implemented security measures can range in the millions and accountability is tossed around. Small and mid-level companies often embrace the idea that employees should bring their own devices because it will cut maintenance costs and increase productivity while everyone can be available 24/7. However, disaster strikes when an infected device is granted remote access to file servers or other vital systems.
With companies strongly embracing the BYOD policy, too few security measures are in place to ensure critical data is only accessed through safe terminals and networks. Tokens, certificates, and passwords are susceptible to attack if the right set of tools is used, especially if it’s an infected device plugged into the company network.
Companies are faced with the lack of secure system that not only detects all types of devices, but also identifies their security clearance. Managing BYOD is like catching a bullet in your teeth. The implementation of an efficient and self-guided system designed to detect low-risk systems and high-risk system still eludes us, but we can take comfort in the fact that VPNs, closed-circuit networks and aggressive antivirus solutions are somewhat effective, if updated and managed properly.
A system based on the “red/green paradigm” could be reliable, but no one has been able to implement such a scenario. System administrators could tag with green low-risk devices while red should be for high-risk devices, while keeping both systems logically or physically separated.
The number one threat that all BYOD devices are exposed too is the lack of control over software. Smartphones, for instance, have the most fragmented operating systems yet, thus the chances of having an exploit for an unpatched version are extremely high. A company’s inability to identify and secure a connection with a more recent/old version of a mobile OS paves the way for data breaches.
Handhelds and smartphones equipped with IPV6 support provide an extra security measure, but the fact that you can’t set up a VPN connection to your workplace is still a major shortcoming. With companies investing too much in security and too little in employee training and awareness, security breaches are inevitable.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.