It wasn't long ago that companies first had to figure out their Wi-Fi policies and make sure everything was secure across the network. Now, businesses are dealing with mobile devices as a transformative technology and must work to figure out a suitable BYOD (Bring your own Device) plan before it is too late. Daniel Lohrmann, deputy director for cybersecurity and infrastructure protection (CIP) within the Department of Technology, Management & Budget in Michigan, said on CSO Online that companies can take some of the lessons they learned in the adoption of Wi-Fi to apply it to the BYOD trend.
"If you were a security leader back in the early days of 802.11, you were likely against implementation of wireless LANs in your enterprise," he said. "No guest accounts, no free Internet access in conference rooms, ban wireless cards in laptops and definitely no ubiquitous access around the company campus. Who would have thought that McDonalds would offer free WiFi around the world a decade later?"
Even back in his early days in IT, Lohrmann said he did not want Wi-Fi within the state of Michigan, adding that he almost lost his job fighting against the adoption of the technology. Now, Wi-Fi is part of everyone's lives and the technology has evolved to the point where most are comfortable in its security and new battles have emerged. BYOD is now the emerging and impending topic that companies are worried about. While Lohrmann agrees with BYOD bringing security issues, the trend rings a familiar bell to anyone who was previously dealing with controlling and securing Wi-Fi.
He pointed out that many are still worried about the security of the BYOD program but may not be taking the right steps. Quoting a study from eWeek, he said there seems to be new industry trends coming from BYOD.
"A survey of BYOD participants found there is widespread acceptance of personal device use, but lax security controls," eWeek said. "Ninety percent of U.S. employees used their personal smartphones for work within the past year, yet only 46 percent believe their employers are prepared for any issues that could arise from BYOD."
Being scared should not mean no adoption
Even if companies are somewhat put off by the BYOD trend, Lohrmann wrote on CSO that the proverbial BYOD ship is starting to leave the dock. Fighting the future is pointless, he said, so companies should be looking at crafting BYOD policies and making sure everything is as secure as possible within the company's network. The industry is still very new, so businesses have their chance to make a mark and figure out new and improved ways to secure and use a BYOD program to their advantage.
Steps to becoming secure
ReadWrite said security in BYOD will always be a concern that companies have, but that does not mean that it cannot be kept secure. There are a few steps every company can and should take for the best possible security of BYOD, including making sure employees are educated as to how they can be the safest on their devices. Giving user training, security desk training and developer training are all great steps toward becoming more secure in a mobile program.
"With its favorable cost-benefit ratio, education is low-hanging fruit," the website said. "In the IT manager survey referenced earlier, managers from all four participating countries that had begun securing their BYOD systems had most commonly implemented device management rules and an employee code of conduct. Employee education is a rewarding place to start, but – based on the fact that security concerns persist – it is obviously not a standalone solution."
Another important step that no company can leave out is securing their data. ReadWrite said the devices in the future may be completely different than anything that is out today , so it is important to ensure the organization has a tight grip on data ahead of everything else. The website said data security can come from purchasing or creating containerized applications for every platform or other ways that each individual business may see fit to use.
It will also be essential for each business to select the correct type of hardware to use to help make sure the software-based security is as safe as possible. Whether this means choosing a 100 percent Windows-based system or selecting the right kind of management tools, it is essential for organizations to have all the right equipment to stay secure over the long haul.
"Finally, selecting the right hardware can make other software options more viable," ReadWrite said. "For example, VHD's biggest drawback is performance. Hardware that accelerates common virtualization tasks can mitigate that sluggishness, making the security of VHD more acceptable to users."
Consumerization News from SimplySecurity.com by Trend Micro.
