The Challenges of Fundamental BYOD Security

Sue Marquette Poremba

Recently, I had an email conversation with Brian Tokuyoshi, senior product marketing manager for Palo Alto Networks, about BYOD security in general and the challenges of using a multi-layered security approach in particular.

BYOD security is a much-discussed topic, but I also believe it is a constantly evolving issue. Regularly, new technologies enter the market that access the company network or store corporate data. Operating systems are regularly upgraded. Even the number of devices used for business purposes is constantly in flux.

So it isn’t surprising that Tokuyoshi said the hallmark of a good BYOD security plan is its flexibility:


Any solution that requires an all-or-nothing approach to either what the business needs or what the user wants is doomed to fail. Neither is likely to deliver a BYOD policy that everyone can live with. You’re either telling everyone what they can do with their own personal mobile device (great for the company’s needs, but not great for the employee) or you’re letting the employee do whatever they want with company applications and data (great for the employee’s freedom of choice, but not good for the company's ability to control risk). The challenge comes from deciding just how to balance the scale between security and employee freedom on a device the company doesn't own.

This balance may be found by providing choices for BYOD participation, but, Tokuyoshi pointed out, these choices have to present a fair exchange.

At one end of the spectrum, yes, I can understand why I can't access an application if the company doesn't know how safe my device is. So in order to participate and get greater access, I have to accept that I need to accept the security the organization needs. Employees, when presented with a fair choice, feel empowered to get the access they want rather than prevented from doing their job. I believe a lot of BYOD programs fail on this point. Companies that try to force their will upon the user end up with unhappy users that still have unmet needs—they still want to use mobile devices, and they'll often find very creative ways to do it.

Tokuyoshi added that some of the biggest challenges that organizations face with security involve applying granular security using contextual information about specific applications, users, content and devices. This can be tough to do because many of the security products on the market and in the network don’t speak this language. For example, policy engines can’t make a decision on criteria they can’t evaluate.

In a future post, I will continue my coverage of the conversation with Tokuyoshi and discuss his opinions on the need for and challenges involved with developing the multi-layered approach to BYOD security.



Mar 17, 2014 11:38 PM larry says:
I think the authoress would have done better by explaining to us less in people exactly what does BYOD stand for. I haven't a clue, so I wrote this feedback and turn off.
Apr 3, 2014 8:16 PM johrossdale says:
I agree that a hallmark of a good BYOD security plan is its flexibility. BYOD is a complex security situation, and adding things like HIPAA and SOX compliance makes it even harder. We approached the BYOD question by asking what do our people need BYOD for, and securing those aspects first. For us, it was HIPAA compliant text and image transfer. The IT department found a HIPAA compliant app (tigertext.com) that allowed our smartphone and tablet users to do that, and we got all our staff the app for their devices. Next on our list is HIPAA compliant email, and we are looking at several ways to do this. The point is that you might need to break BYOD to objectives to deal with it in a cost effective way that doesn’t overload the resources of the IT department. Yes, I agree that BYOD is becoming a future must have technology for most businesses, and there are many ways to deal with the security issues that it brings. http://tigertext.com
