Does BYOD Increase Information Risk?Posted 2013-08-02 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Concerns about security breaches, intellectual property theft and data loss make it essential to have a strategy for addressing mobile devices in the workplace.
Here are six key security practices that businesses need to follow:
· Highlight the issues associated with accessing, storing and processing private information.
· Provide clarity about which privacy rules apply, and specifically how they are affected by cross-border movement of data and the multitier nature of some cloud providers.
· Include a high-level examination of the varying legal requirements in different jurisdictions.
· Identify the roles and responsibilities in the enterprise that apply to private information.
· Define an approach for managing private data and the way it is used on consumer devices.
· Help the business understand how to respond to the requirements of regulators and data subjects.
What Can Business Do?
Time is critical, and businesses need to formulate a response to the growing BYOD trend with a sense of urgency. Focusing on the organization’s information as a guiding principle for considering risk can bring clarity to decision making, since it facilitates the definition of device-agnostic solutions that can be reused for other BYOD deployments. This approach must be weighed against the risk appetite executives have for enabling BYOD.
An information-centric perspective is absolutely vital to managing BYOD risk, keeping the focus where it should be rather than on the technical details. The proliferation of new devices and applications means that organizing a BYOD risk-management plan around a single technical solution can be too restrictive. In contrast, a focus on information is more likely to result in an agile, adaptable program.
Businesses can’t afford to stand still and allow mobile device adoption to run its own course, because it will tend to create new attack vectors and potential vulnerabilities in corporate networks. Enterprises need to stay one step ahead of the latest trends, mobile devices and related security risks.
By implementing the right working practices, use policies and management tools, organizations of all sizes can benefit from the advantages mobile devices bring to the workplace, while minimizing exposure to security risks.
Steve Durbin is the global vice president of the Information Security Forum, an independent, not-for-profit association that investigates, clarifies and resolves key issues in cyber-security, information security and risk management. His main areas of focus are the emerging security threat landscape, cyber-security, consumerization, outsourced cloud security, third-party management and social media. Durbin was previously a senior vice president at Gartner and is currently chairman of the DigiWorld Institute Senior Executive Forum in the United Kingdom.