Originally published on HSToday.us – http://www.hstoday.us/columns/critical-issues-in-national-cybersecurity/blog/maintaining-enterprise-security-in-employees-personal-android-devices/70931f8194356dd10d638256d50b5384.html | Written by: Krish Kupathil | 17 June 2015
A global survey by Gartner predicted that by 2017, about 50 percent of employers will adopt a Bring Your Own Device (BYOD) policy. By 2016, a significant 38 percent of employers are expected to stop providing devices to their workforce. The survey respondents were CIOs of organizations across several countries, with the US being twice as likely to adopt BYOD as Europe, where BYOD adoption is the lowest.
Employees in nations like Brazil, Russia, India and China are more likely to use their mobile phones at work, and the preference for using personal devices can be seen among employees of companies of all sizes as well as government organizations. This is by far the most radical shift in enterprise culture we've seen over the past few decades.
Mobile Data Security: The eternal BYOD nemesis
While employees are loving this new-found freedom of using the devices and apps of their choice, for IT teams and CIOs, BYOD has become the largest nemesis of corporate data security. As employees use their personal devices to access both personal and enterprise data, the threat of critical data getting hacked, corrupted or wiped out has increased manyfold.
Personal devices often have multiple users or are handled by children. Thus, there is an increased threat of the data being tampered with or permanently lost. In addition, lost or stolen devices leave corporate data extremely vulnerable and at critical risk of falling into the wrong hands. In 2014 in the United Kingdom alone, an unprecedented 10 million mobile devices including smartphones, tablets and laptops were lost by employees.
In the US, about 3.1 million smartphones were stolen in 2013, while 1.4 million smartphones were lost and never recovered. These devices are a treasure trove of personal and business information including contacts, emails, social network and IM access, banking apps, business apps, synced accounts and passwords. Most devices are stolen for their hardware and end up in second-hand markets, often sold with the old data still on the device.
Causes of BYOD security risks
For businesses to adopt a comprehensive BYOD policy, they need to counter several issues and challenges that put corporate data security at great risk. These include:
Lack of control
Before the BYOD model emerged, companies had complete ownership and control of employee devices. However, with employee-owned devices, enterprises cannot have the same amount of control. Also, companies can no longer restrict or control users using the devices. In addition, if an employee resigns or loses his device, companies have no control over key corporate data.
When employees used company-owned devices, enforcing security policies and restrictions was much easier. The devices usually belonged to a single brand with uniform architecture. Hence, companies could have a unified management interface that allowed for consistent application of security policies for all employee devices. However, in the BYOD scenario, employees own a diverse range of devices with different brands, makes, settings and architectures. These devices often work in silos with little or no connection to the enterprise environment.
Also, employees are using more devices than before. Thus, companies now need to make extensive customizations to cover the numerous device types and operating systems, leading to varying levels of effectiveness. This inconsistency in applying security policies across a multitude of devices is one of the most significant reasons for security loopholes and lapses.
In 2014, the average smartphone user installed 26 apps. These numbers are only going to grow, with users relying on a range of apps like mapping apps, social networking, games, news and alerts for day-to-day jobs. As the number of apps increases, so does the threat of hosting malicious apps on devices. Malware has malicious elements introduced right at the code level, which can pose a serious threat to the device and the data on it. Open source platforms like Android have no app barrier, and are hence prone to such attacks. Malicious apps often come in the form of free apps offering games, wallpapers or songs, and once they reach user devices they make them vulnerable to hackers and cyber criminals.
Violating data privacy norms
As consumers across the world become increasingly sensitive about data privacy, most countries are forming stringent data privacy legislation. Every country has its own data security laws with regulations for what companies can or cannot do while deploying a mobile device management (MDM) solution. This can be a great hassle with an inherent risk involved, particularly for multinational companies looking to implement uniform MDM policies across different countries. If at any point companies overlook or violate privacy norms while setting device-level controls, or while seeking consent, they are at risk of facing legal charges.
BYOD for business: why it works
Despite all the drawbacks, BYOD for business is here to stay, and for its own reasons. One of the major benefits of BYOD is that a single device can be used for both enterprise and personal work. Employees do not need to carry different devices for work and personal use. They can set up independent profiles on the same phone with containerized access to corporate data to ensure security is not compromised. Also, employees are no longer bound to their workspaces and can enjoy a more flexible work environment. They can transcend geographical and physical barriers and work seamlessly in virtual teams. Enterprise-focused apps give users a unified interface to work on, edit and manage documents through native mobile interfaces. Plus, they can review, share and approve permissions to access the documents all in one go.
Comprehensive MDM solution: The master key for every CIO
As enterprise mobility needs become increasingly complex, investing in a comprehensive, flexible and customizable MDM solution is a must. A good MDM solution allows enterprises and IT teams to seamlessly manage employee devices and enforce enterprise IT policies and restrictions. It empowers IT administrators to remotely lock, wipe or reset employee devices, to enforce restrictions on personal profiles while accessing key business data and apps, and to track devices in case they are lost or stolen. MDM solutions are equipped to consistently apply a range of enterprise security policies and restrictions across all employee devices.
A personalised work experience
The core of enforcing a BYOD module among enterprises is to allow employees a personalised experience even as they work on various business apps and data. One of the major drawbacks of several MDM solutions, though, is that they can come across as too restrictive in their bid to enforce corporate data security. Thus, a mobile manageability platform equipped with enhanced security and manageability features can help greatly. It would allow companies to manage employee devices by clearly designating work and personal profiles, and seamlessly switching between the profiles as required. Mobile manageability platforms allow employees to enjoy complete freedom to browse apps and personal data in their personal space while enterprise data is secure in a password-protected and encrypted zone.
Restoring control with enterprise IT teams
An advanced manageability platform allows IT admins to gain complete control over enterprise profiles on employee devices. Such clearly designated spaces mean the IT teams can monitor, restrict and control the enterprise profile without interfering in the personal space of an employee. Remote device management allows admins to access, wipe or restore data in case the device is lost or stolen, or if an employee leaves an organization. Remote capabilities allow extensive control over employee devices, irrespective of the number or type of devices that enter or leave the organization.
As more and more employees prefer personal mobile devices at work, an advanced mobile device manageability solution is the way forward. It is the key to keeping key data safe even as employees enjoy the freedom to work the way they want.
Krish Kupathil is CEO of Mobiliya, an AgreeYa Mobility company which delivers cutting-edge leadership mobility solutions from cloud to devices. Headquartered in Mountain View, Calif., Mobiliya delivers targeted and differentiated smartphones and tablets, an enterprise-grade Android platform, flexible and customizable device management, an enterprise mobility platform and a collaborative e-learning platform. A veteran of the mobile engineering industry and authority on enterprise mobility, Kupathil has been published and quoted in renowned publications such as TechCrunch, Slashdot, Training Magazine, Modern Infrastructure, WIRED's Innovation Insights, Small Business Computing and TechTarget.