Finding a balance between providing employees anytime, anywhere access to enterprise resources and ensuring that IT security and compliance rules are adhered to can be a daunting task for any organization looking to embrace mobility and BYOD. Throw in all the varied devices that can connect to an organization’s network (e.g., smartphones, tablets, laptops) and the operating systems (Windows 8, Android, iOS), and the risk to data and application resources multiplies exponentially.
According to a recent Dell Global Security Survey, IT decision makers highlighted BYOD as a root cause of security breaches. In fact, 57 percent of those polled ranked increased use of mobile devices as a top security concern in the next five years (71 percent in the UK).
As with most things, the more restrictions people encounter, the more likely they are to rebel and find workarounds that allow them to do or access what they want, circumventing an organization’s security policies and placing proprietary data at risk.
To minimize security risks while maximizing mobility benefits, Dell offers five best practices for implementing mobile security that address user work preferences, device types, operating systems and enablement strategies.
Best Practice No. 1: Build a Network Infrastructure Optimized for BYOD/Mobility
Creating a distinct BYOD network enables organizations to take into account the increased use of bandwidth-intensive tasks, such as video streaming, on mobile devices, while ensuring that all personal devices and mobile apps are validated against corporate security policies before they are allowed to connect to the network. In particular, organizations can create a master security policy that allows access to corporate information and parts of the main network from mobile devices while helping to ensure that no information leaks out through personal devices.
Best Practice No. 2: Create a Mobile User/Remote Access Policy
Setting up secure mobile access is essential to safeguarding corporate information from being exposed to mobile threats. First, companies should insist that employees use a PIN or strong password to access a device’s operating environment or apps as a first line of defense against data theft if a device is lost or stolen. Second, companies should seek secure mobile access solutions that use context-aware authentication, network access controls and a virtual private network to allow only authorized users and mobile apps, along with validated devices, to access corporate resources. A secure mobile access solution with these capabilities can reduce the risk of compromised devices or mobile apps that could act as a conduit for malware to infect corporate resources as well as prevent in-flight data theft.
Equally important is educating employees so they’ll avoid some of the basic behaviors that could introduce malware or expose corporate information to undue risk. For example, employees should be instructed to avoid using Wi-Fi hotspots for work without a VPN connection. Additionally, IT departments should deploy systems management on all devices so regular OS updates, including security patches, can be installed automatically on smartphones, tablets and laptops, so that security flaws in earlier versions can no longer be exploited.
Best Practice No. 3: Encrypt Data on Devices
The addition of encryption to mobile devices is a highly effective way to protect data from loss and theft. Organizations can set and centrally administer encryption policies based on users, groups and data sensitivity. By encrypting and decrypting files residing on Windows, Android and iOS tablets and smartphones, organizations can dramatically reduce potential security problems across their fleet of devices.
Best Practice No. 4: Use Secure Containers
An ideal way to separate enterprise apps and data from personal ones involves creating a container or walled-off corporate workspace environment on personal devices. Not only does this prevent co-mingling of personal and corporate applications or data, it helps reduce the threat of corporate information being compromised. By downloading a simple app with the container, employees gain access to the productivity and collaboration tools needed on their preferred devices, which protects their privacy and keeps personal data from being accidentally wiped by IT.
Best Practice No. 5: Implement Identity and Access Management
Identity and access management (IAM) solutions elevate security while reducing complexity and alleviating many of the risks typically associated with heterogeneous access needs. A unified approach to accessing corporate data and systems should include an access control policy, separation of duties, and single sign-on.
Additionally, a cohesive solution for identity governance and privileged account management that includes mobility and traditional on-premises access can dramatically reduce the likelihood of security issues, even as employees increasingly use personally owned devices. A well-executed IAM strategy also can simplify the arduous task of proving compliance by moving it into the hands of line-of-business managers who know why access should or shouldn’t be granted.