Consumerization trends have led more businesses to implement mobile strategies that allow employees to work remotely, yet still remain as efficient as if they were in the office. These deployments often improve satisfaction within the workplace and can significantly enhance productivity, while reducing costs for the company, as they can eliminate some hardware purchases. However, the initiatives also invite new threats to the network and data that were previously unrecognized.
Data security vulnerabilities are especially prevalent when companies deploy BYOD (bring your own device) programs, as the policies allow individuals to use personal electronics to perform work-related tasks. These devices may or may not be protected, which can pose a serious threat to sensitive information, according to an ITworld report.
"[BYOD deployments are] really a combination of technology and policy," vice president of IT infrastructure and technology at AmerisourceBergen John DeMartino said, according to ITworld.
BYOD programs, while beneficial, can be seriously dangerous if employees are negligent or unaware of the implications of exposing sensitive information. Meanwhile, since BYOD means individuals use their own gadgets, the users are ultimately in charge of what applications, tools and even security solutions are downloaded and installed, ITworld said.
"More than 60 percent of organizations today allow staff to bring their own devices," SANS senior instructor Kevin Johnson said. "With this type of permissiveness, policies and controls are even more important to help secure our environments."
However, a recent SANS study found that only 9 percent of responding decision-makers believe they are fully aware of all devices accessing business resources. Furthermore, roughly half felt they were somewhat informed of all the electronics during BYOD deployments.
"Another interesting note is that organizations are reaching for everything at their disposal to manage this risk," SANS analyst program executive editor Deb Radcliff said. "Among them are user education, MDM, logging and monitoring, NAC and guest networking and configuration controls."
Yet fewer than 20 percent of SANS survey respondents are using endpoint security tools to prevent data leaks from occurring.
"If employees are using personal devices for work, companies should consider what kind of work can be performed on their devices and how to ensure that confidential information is not at risk if the device is lost or stolen," Mozy director of product management Gytis Barzdukas said.
According to a recent Mozy study, roughly 80 percent of professionals now regularly work outside the office and rely on mobile devices to keep them connected with corporate resources. However, 87 percent of survey respondents said they have no formal governing policy in place over employee-owned devices.
Different industries have different priorities on data protection, the report noted, but legal services were found to be trailing others in terms of progress. Mozy found that more than three-quarters of lawyers said they were either not concerned, barely worried or only somewhat bothered by data security during BYOD deployments. Meanwhile, medical and financial firms placed data protection on a much higher pedestal.
Information protection will grow in importance as companies implement mobile strategies and become aware of the serious vulnerabilities that BYOD can spark if not addressed. A study by Citrix found that roughly 93 percent of organizations around the world will embrace mobile workstyles by 2013, driven by employee demands to work outside the office.
"Organizations around the globe are moving from traditional work environments and realizing real estate, travel and labor cost savings by enabling mobile workstyles," said Mick Hollison of Citrix.
In the advent of consumerization, BYOD and other mobile strategies, it is important for decision-makers to govern the use of portable electronics and keep the network secure.
Consumerization News from SimplySecurity.com by Trend Micro