The concept of bring your own device (BYOD) has been around for a number of years, but since the shift to more remote and hybrid working around the world, its popularity has reached bold new heights.
For many businesses without established remote working policies in place, BYOD was the only way they could stay operational during multiple national lockdowns and restrictions on movement over the past 18 months.
When done correctly, the benefits of BYOD can be plentiful, helping businesses achieve much-needed digital transformation success at a critical time. However, it also raises several security issues which, if not dealt with properly, can quickly leave networks and data vulnerable to the growing number of cyber threats out there.
The rise and rise of BYOD
BYOD started as a cost-saving measure for businesses that didn’t want to continue paying for IT refreshes all the time, but fast forward to today and very few digital transformation initiatives can be successfully achieved without it at their core. In fact, 70 percent of businesses now enable BYOD for employees, with 62 percent also doing so for their extended employees, which includes contractors, partners, and suppliers. A further 18 percent even enable BYOD for their customers.
Why is this? Because it didn’t take long for businesses to realise that BYOD offers numerous advantages beyond just cost savings on IT. In the same Cybersecurity Insiders study, 68 percent of respondents said BYOD improved employee productivity, with 53 percent saying it also led to better employee satisfaction. Of course, the ongoing pandemic has also played a major role in accelerating BYOD adoption, with 47 percent of those surveyed reporting that their programmes have increased significantly over the last 18 months.
Tackling the BYOD security conundrum
However, one lingering issue that continues to hold BYOD adoption back for some organisations is security. In a traditional on-premises network environment, IT controlled everything, from network access and user ID to endpoints and data location. In a ‘new normal’ BYOD remote environment, by contrast, users control devices, operating systems and apps, data is everywhere, and IT doesn’t even own the infrastructure anymore. Understandably, this makes many IT teams quite nervous!
Solving this conundrum requires a combination of three key factors: visibility, control, and trust.
- Use technology to boost data visibility without impacting user privacy
A top concern for many IT teams is the lack of data visibility they have on personal employee devices being used in BYOD programmes. In the past, this would be solved by deploying agent-based security tools like mobile device management on company-owned devices. However, employees using personal devices as part of a BYOD programme can often be resistant to this kind of approach, not only because it’s considered an invasion of privacy, but also because it can impact device performance and functionality.
Conversely, agentless security tools that utilise cloud technology require no installation but still give security teams the control they need to monitor, track, and even wipe sensitive data if and when necessary. Furthermore, because agentless security tools only monitor company data on the device, employees can be confident that their personal data and activity remain completely private. Leading agentless security solutions even include cloud-based DLP as part of their offering, meaning businesses can cover multiple bases in one go.
- Optimise control with application whitelisting
From a control perspective, the use of application whitelisting can give IT teams greater security against malware and other malicious software without it becoming all-consuming in the way that blacklisting can. With new apps being released every day, maintaining an up-to-date blacklist can easily be a full-time job for multiple members of the team. Conversely, whitelisting allows teams to focus their efforts on apps that can be trusted in a BYOD environment, with everything else blocked by default.
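The difference between the two models, as an added example that is not from the original article or any vendor product: the same constructed device inventory is evaluated against a default-allow blacklist and a default-deny whitelist. The app identifiers, signer labels and function names are hypothetical, and pinning each whitelisted app to its signer goes one step beyond what the article describes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    app_id: str   # package/bundle identifier reported for the app
    signer: str   # signing-certificate fingerprint (constructed placeholder values)


# Constructed policy data for illustration only.
BLACKLIST = {"com.example.knownbad"}           # deny these, allow everything else
WHITELIST = {                                  # allow these, deny everything else
    "com.example.mail": "SIGNER-A",
    "com.example.docs": "SIGNER-B",
}


def blacklist_allows(app: App) -> bool:
    # Default-allow: anything nobody has listed yet gets through.
    return app.app_id not in BLACKLIST


def whitelist_allows(app: App) -> bool:
    # Default-deny: the app must be listed AND carry the pinned signer,
    # so a look-alike reusing a trusted identifier is still blocked.
    pinned = WHITELIST.get(app.app_id)
    return pinned is not None and pinned == app.signer


def evaluate(inventory):
    """Return one (app_id, blacklist_verdict, whitelist_verdict) row per app."""
    return [(a.app_id, blacklist_allows(a), whitelist_allows(a)) for a in inventory]


def blacklist_gaps(inventory):
    """Apps a blacklist lets through that the whitelist blocks."""
    return [a.app_id for a in inventory
            if blacklist_allows(a) and not whitelist_allows(a)]


# Constructed device inventory.
INVENTORY = [
    App("com.example.mail", "SIGNER-A"),       # approved app
    App("com.example.knownbad", "SIGNER-Z"),   # already on the blacklist
    App("com.example.newapp", "SIGNER-N"),     # released today, on neither list
    App("com.example.docs", "SIGNER-X"),       # approved identifier, wrong signer
]

if __name__ == "__main__":
    for row in evaluate(INVENTORY):
        print("%-22s blacklist_allows=%-5s whitelist_allows=%s" % row)
    print("blacklist gaps:", blacklist_gaps(INVENTORY))
```

The two entries reported as gaps are the cases a blacklist cannot cover until someone adds them by hand, which is the maintenance burden the paragraph above describes.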
- Improve trust and user awareness with regular security training
Whilst technology can be a powerful way to improve security posture in a BYOD environment, one of the most effective tools is far simpler. Regular security training helps to minimise the threat of data theft or loss by promoting secure business practices and keeping employees vigilant to the most common security threats, such as phishing emails and other social engineering tactics typically used by cyber criminals.
The popularity and prevalence of BYOD programmes continue to grow amongst businesses looking to achieve effective digital transformation. However, lingering security issues are still preventing some from fully embracing it. Fortunately, many of the biggest concerns can be easily addressed through a combination of technology, smart security practice and regular employee training, leaving businesses of all shapes and sizes to enjoy the many benefits BYOD has to offer.
About the Author
Anurag Kahol is Founder and CTO of Bitglass, a Forcepoint Company. Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.