BYOD Security: Don't Let Your Company's Data Walk Out the Door

Whether you believe BYOD is good or bad for companies to adopt, the one thing you can’t afford to do is ignore it.
While the buzz around bring your own device (BYOD) is reaching a fever pitch now, it has been around since the first wireless-enabled smartphone hit the streets and wandered innocently into the office in someone’s pocket or bag.

This scenario is precisely the primary BYOD use case that every company faces today. According to Nielsen data, almost half of all phones in the U.S. are now smartphones, which means many workers will want to connect to the company wireless network.

Workers will also forward some of their company email to personal accounts so they can read it on the train or give it extra attention over the weekend, which sounds like a productivity win for the company.

But think about the security implications: Potentially sensitive company information gets transferred regularly to personal devices that do not have the levels of security or encryption that company-owned devices are set up with.

Then staff wants to connect smartphones to the company computer, just to charge the battery of course. The computer is likely to see the connected phone as a storage device, a device that probably has over 8GB of space and probably a MicroSD slot for up to 64GB of additional storage.

While connecting a mobile device to the office computer to charge the battery might seem innocent, the potential for danger is great.

Since most of our employees are developers, it’s hard to stop them from working on code. When it comes to locking down access to code, we limit this to a few outside contractors who only have access to the repository code they are working on.

When it comes to client data, we have procedures and controls to protect our clients' data from accidental or malicious employee actions as follows:

  1. Our privacy policy and employee handbook forbid it, and all customer support and other employees are informed about this verbally as part of their induction.

  2. Our employees do not have access to client data in our production box, unless they are permitted by their client contact to log into a client as part of their support, using an account and password provided by the client.

We even restrict "backdoor" database dump features, which are often used by developers to view client data.

Lastly, all the data is encrypted over HTTPS, so sniffers should not be able to pick it up from the network traffic.

BYOD with a Twist

An alternative version of BYOD is where the company actively allows BYOD, specifies what data can and cannot be transferred to and stored on those devices and may require that an app or two is installed to give the device some level of protection. They may also insist that devices used for work purposes are registered with the company’s mobile device management solution.

Controlled BYOD can bring a number of benefits that mostly revolve around productivity gains. Every company is subject to some form of data protection legislation, which makes company directors responsible for the security of any data they gather that includes people’s personal information.

Furthermore, many industries have their own set of regulations, usually revolving around the control of financial information or other data. SOX, GLB and HIPAA are just a few of the many acronym compliance beasts that have to be wrangled.

It is hard to see how allowing company data to move onto a device the company doesn’t own can be a good thing if it has any chance of falling under any of the regulations and laws the company is responsible for adhering to.

Worried yet? Don’t be.

A clear policy is the cornerstone of your BYOD strategy. Tools to enforce that policy and staff training to make sure they are aware of the policy are equally important in keeping company directors out of court.

But if you’re still worried, perhaps the best solution is to move to choose your own device (CYOD). This would let staff have the device they want to use, but it would be supplied and owned by the company. That way there can be no complaints about the device being heavily loaded with security and control apps.

The key here is to think about BYOD and all of its variants and make a decision on how it can best fit in with your company’s culture and objectives. The one thing no company can afford to do is ignore it, because BYOD isn’t going away.

About the Author

Richard Minney

Richard Minney is co-founder of iBE.net, a developer of cloud- and mobile-based business management software. He has nearly 20 years of ERP experience as a developer, architect, consultant and project manager installing large ERP systems for aerospace and defense companies. You can reach him at richard.minney@ibe-erp.com.
