The enterprise security landscape has grown ever more complicated and ever more hazardous in recent years, with massive data breaches of major retailers and healthcare organizations hitting the headlines seemingly every day. Increasing numbers of businesses realize the need for a security expert to ensure that they are doing everything possible to prevent a data breach. Unfortunately for those businesses, security vulnerabilities often plague their mobile deployments, and mobile security—especially in BYOD environments—can be exceptionally frustrating. Here are four reasons why.
1. The diversity of platforms
iOS 5, iOS 6, iOS 7, iOS 8. Android KitKat, Jelly Bean, Gingerbread, Ice Cream Sandwich, Lollipop. The sheer diversity of mobile platforms currently in use by BYOD employees is staggering, each with its own flaws, vulnerabilities, and unique security risks. BYOD employees enjoy being able to choose which device and which operating system they use for their work needs, but as a security expert, you may bemoan just how many different platforms your customers need to protect.
2. The lack of visibility
That diversity of platforms often leads to visibility challenges that can become a headache for the security expert, especially given BYOD employees' expectations of privacy for the personal data on their mobile devices. Many a BYOD organization has been stumped by how best to monitor employees' handling of corporate data while leaving workers' personal data and applications alone. If your customers look to you as their BYOD security expert, you'll have to be able to answer that question.
3. The lack of control
And along with visibility challenges come control challenges. A BYOD enterprise must have some way of managing and controlling employees' access to corporate data, particularly sensitive assets protected by data privacy laws and regulations. Additionally, the BYOD organization must have some way of remotely wiping corporate data from devices in the event of loss or theft—a kill switch, if you will. And the company will look to its security expert for a way to do so without compromising employees' privacy and ownership of their personal data.
4. Employee attitudes
Closely related to the issue of employee ownership over their personal applications and data is the sometimes problematic attitude workers may take towards their BYOD device usage. When provided with a corporate device, employees are typically more careful to use those devices only for work, or at least only in work-appropriate ways. Not so with personal devices. When they're using their own smartphones and tablets, people are accustomed to being less careful when opening emails, browsing the Internet, downloading apps, and allowing applications to access device data. This can lead to serious security woes when those devices also store or can access corporate resources.
But before you despair, remember that solutions actually do exist for all four of these problems, and they're solutions that you, in your capacity as a security expert, are empowered to help your customers select and deploy. The new generation of Enterprise Mobile Management (EMM) and the best of breed of traditional Mobile Device Management (MDM) platforms enable visibility, control, and security policy enforcement across a wide variety of platforms. Additionally, many organizations will appreciate guidance from their security expert on employee cybersecurity training. A little bit of awareness goes a long way when it comes to encouraging safe Internet and application use in BYOD environments.
If you've positioned yourself as a security expert, your customers' BYOD security strategies rest largely in your hands. Make the most of your position by knowing the EMM and MDM landscape—your customers will thank you.