Every day, there are countless articles, surveys, social media entries, and blog posts (including our own) that focus on the promise and perils of BYOD in an enterprise mobility environment. At the top of almost every list of concerns is security – the security of the enterprise backend, of the data contained there, and of the documents just waiting to be misused, misappropriated, or made vulnerable to corporate and even foreign espionage.
Yet mobile devices – the multitude of smartphones and tablets proliferating daily in every organization – are not the primary source of the problem. They’re merely the outermost doorway of the enterprise and the one most likely to be treated with a cavalier attitude toward security.
Security, like charity, begins at home. And home in this case is the enterprise itself. If it doesn’t have mandated protections – user IDs, passwords, permissions, authentication, authorization, and the like – then, yes, any mobile device is a threat. That’s why companies like Symantec, Good Technology, and other mobile device management software providers have a market in the first place – because the enterprise itself isn’t well-guarded enough for mobile access.
On one level, this is an IT challenge, but intrinsic to that challenge is the ability to convince employees – through training and ironclad protocols – that enterprise system and data security is of strategic and paramount importance. It is, in fact, essential to their jobs, both in terms of having a job to do and earning the right to hold onto that job. In essence: you don’t have to be in charge of locking the door to the castle; you just have to be conscientious enough to know that, if it’s open and you don’t take the initiative to lock it, the enemy can take it over… and throw you out.
BYOD users, however, have separate castle doors to lock. The first is a device-specific password. Using a smartphone or tablet without one is like leaving the front door of your house or apartment unlocked – anyone can get inside, take a look around, and basically take whatever they want, whether it’s a bank account number or an eyes-only schematic for a groundbreaking product.
Next come the usernames and passwords needed to access any apps that interact with the enterprise. Where an app doesn’t require them, MDM-based authentication and authorization can ensure that you and your device are approved. And, once you’re “in,” you may still need to enter an enterprise-specific set of identifiers.
Finally, there’s encryption. It’s built into some, but by no means all, enterprise-to-mobile technology and can provide additional protection.
Too many steps? Maybe. But humans are rarely consistent in their voluntary behavior, and all these checkpoints guarantee that they will be.
The post Too much attention to BYOD appeared first on Webalo - Blog.