Like with so many other areas of new technology before it, the big question with BYOD security is if you should be paranoid and lock it down or proactive and leverage it to the hilt. Recently I had the chance to have a great conversation about BYOD and security with one of my peers from Dell Software, Jane Wasson the Senior Product Marketing Manager for Mobile Security, and Dana Gardner, Principal Analyst at Interarbor Solutions. While we ranged all over the place, this dichotomy was one theme that emerged that I wanted to echo here. The problem with BYOD is clear enough. Controlling access is hard enough on systems you own, control, and understand. You don’t own the BYOD device (what’s in a name?), therefore you don’t control it, which therefore means you’re going to have a heck of a time understanding it. The good news is that if you’ve been doing well with your defense in depth so far, you can get a lot of mileage out of that in the first wave of BYOD where it will be things like web applications and email systems that get pushed into the new territory.
The real trick comes when you have organizations that want to take it to the next level and supply a different experience on the mobile device. That might mean the paranoid version, where I want to make sure that the user on the mobile device has a lot less access and I want that to be governed by the fact that they are on the mobile device. How do I make the data context aware so that I can put in those sorts of controls? If my only link to the BYOD system is when it plugs into my corporate network, how do I leverage that to the max to ensure my controls are effective? These are hard questions to answer.
There is also the very proactive view where you embrace BYOD. I worked with a large energy company that decided to embrace these devices. They decided that if they can’t stop employees from bringing them they might as well squeeze some more productivity out of them. They rolled out apps that specifically deliver their data and services in a very mobile friendly way. That involved new areas of policy but also having the technology be smart enough to answer those challenges, as well, because being proactive means taking a whole new security context, and that’s new risk. It took a lot of effort, but they felt it paid for itself with the productivity increases and cost decreases. And it had security built in from the start.
Listen to the podcast titled: Growing BYOD Trends Bring New Security Challenges