It is like this: as buzzwordy and amazing as the “Bring Your Own Device” (BYOD) trend is, it’s dangerous for your company’s infrastructure.
Currently around 80% of companies are already experiencing the BYOD trend, says VP/GM of Mobile at Rapid7, Giri Sreenivas. Yet as much as everyone is embracing the trend, fewer than half of these companies actually do something about the security risks it introduces.
Speaking at the RSA conference in Amsterdam, Sreenivas provides examples of recent severe mobile exploits, describing how organisations can manage and mitigate the risk without forcing strict and unwanted controls on employees.
According to Sreenivas, BYOD has happened fast and most organisations are reeling to catch up with changing behaviours. He reckons that there is an instinctive response to replicate IT asset management and security practices for BYOD. For organisations, it seems best to have a BlackBerry-like approach to personal mobile devices, but these containers create UX challenges and lead to user rejection. These attempts may not make your organisation any more secure, he says, as users will attempt to work around your controls.
Key threats to mobile devices include:
Sreenivas warns that with recent threats such as DroidDream, AppSnapp and JailbreakMe, organisations need to rethink how they do BYOD.
“BYOD is not for every organisation. Involve your employees — make it too hard for the end user and they will work around you, exposing your organisation to even more risks. There may not be an alternative given BlackBerry’s troubles,” he says.
In order to mitigate the threats posed by BYOD, he thinks that organisations need to “design for risk management rather than inherit approaches to control.”