分享

Know the Risks of BYOD So You Can Reap the Rewards

The use of personal devices on corporate networks is one of the fastest growing trends in the business world today. The benefits of lower costs and increased worker mobility and flexibility are indisputable, but unsecured personal devices also increase the threat of network attacks, data loss and bandwidth congestion. Here are the top five risks to plan for before you implement a BYOD initiative:

1 Mobile app security gap

Today’s mobile device security solutions lack adequate web security controls to ensure safe use of both native applications (downloaded and accessed from the device directly) and mobile web applications (accessed through the mobile browser). This creates a mobile app security gap in which mobile and web applications can leak sensitive or confidential information, and users are exposed to the same web-based risks as users on desktops or laptops without any of the protection. The ability to enforce policies on mobile devices beyond simple block and allow, to a granular application and operation level for both native and mobile web applications, allows companies to close this security gap and reduce their vulnerability to intellectual property theft, reputation damage and legal and financial liabilities.

2 Users circumvent security policies

Today’s always-on workers expect fast, easy access to corporate assets from their own devices with limited security restrictions. IT managers, on the other hand, expect to provide more limited access with greater oversight and accountability. The recent Global Mobility Study from IDG Research Services showed that 41 percent of IT managers expect to be able to log access to corporate data from employee-owned devices while only 24 percent of employees are willing to have those restrictions in place. This “security expectation divide” between IT managers and mobile users facilitates an environment in which employees are constantly fighting IT and looking for ways to circumvent security policies, creating a potential security risk for the business.

3 Lack of device-level protection

Mobile devices can’t support the same type of endpoint defenses that are designed for laptops and desktops, such as anti-virus and DLP. They have a heavy footprint and consume too many computing resources to effectively run at the device level. And, even if every device could maintain security software, it’s simply not feasible to update hundreds
or thousands of personal mobile devices within the enterprise. A successful BYOD security strategy requires a responsive, network-based approach that delivers instant, real-time security to every device on the network and removes IT from the device management equation.

4 Targeted mobile attacks

Up to now, attacks on mobile devices have been few and far between, but that is likely to change as these devices become a new entry point into the corporate network. Malnets (malware networks), the infrastructures responsible for launching more than two thirds of all web-based attacks, are beginning to target mobile users. Blue Coat Security Labs is tracking eight unique malnets that are launching attacks against mobile users, and three of those are dedicated exclusively to such attacks. To date, the most effective mobile attacks use familiar tactics, such as phishing and luring users to infected sites, such as pornography. With the infrastructure in place to target mobile users, expect to see a rise in mobile attacks over the next year.

5 Bandwidth drain

One of the biggest reasons users connect personal devices to the company network is obvious: it’s free. Using the company network, employees can quickly download iOS updates, stream videos and synch to cloud apps, all without paying overage charges or maxing out data caps. But each device can consume multiple Gigabytes of data per month, which drains corporate bandwidth and can impact business application performance. Multiply by hundreds or thousands of personal devices and the financial and productivity costs to the business quickly add up.

Your BYOD security strategy: Next steps

As the BYOD trend (and targeted attacks on mobile devices) continues to gain momentum, the security industry is rapidly developing solutions that address the greatest risks of mobile devices in the enterprise. But traditional one size fits all security simply doesn’t work for most organizations today. To address the top five BYOD risks, companies must look at a network-based security solution that extends web-based threat protection to mobile devices and offers granular control over native, mobile browser and web applications.

分享